August 2009 – technical Rollup Mail - Security
News
Introducing the Microsoft Assessment and Planning Toolkit for PC Security https://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=12228993&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
The Microsoft Assessment and Planning (MAP) Toolkit is a powerful inventory, assessment, and reporting tool that can securely assess IT environments for various platform migrations and virtualization without the use of any software agents. When you use the MAP Toolkit to assess the security of your client infrastructure, you also receive a PC security assessment report, a security readiness report, and a security readiness proposal.
MSDN Channel 9 Interviews and Demos - !exploitable Crash Analyzer https://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=12228994&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
Meet the program manager behind the proactive, open-source security tool called !exploitable. It’s the only tool of its kind that increases efficiency, reduces cost, and improves security by providing automated crash analysis and security risk assessment. !exploitable Crash Analyzer puts crash analysis that previously required the help of a security expert into a tool that every developer and tester can use.
New Windows 7 and Internet Explorer 8 Security Baselines Beta Opening Soon https://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=12228995&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
Does your organization waste valuable resources on security issues? Meet your business-critical needs and elevate the security of Microsoft products with these new security baselines. The security baselines combine best-practice guidance and tools to help you plan, deploy, and monitor the security of Windows 7 and Internet Explorer 8.0. This Beta launches in mid-July 2009. Sign-up now https://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=12228937\&s1=68628015-2ccc-cbc7-31b9-0e76c3415474 to receive notification updates so that you will get the first look at this new release of security baselines for Windows 7 and Internet Explorer 8. Members, bookmark this link https://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=12228938&s1=68628015-2ccc-cbc7-31b9-0e76c3415474.
Forefront Security for Exchange Server with Service Pack 2 Now Available https://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=12228996&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
Make protecting your Exchange Server 2007 environments easier by downloading the latest release of Microsoft Forefront Security for Exchange Server. New features include visibility of all actively published engines, alerts and notifications about new engine availability, and rollup of software fixes.
Forefront Security for SharePoint with Service Pack 3 Now Available https://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=12228997&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
Help better protect your Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0 collaboration environments from malware and inappropriate content by downloading the latest release of Microsoft Forefront Security for SharePoint. New features include visibility of all actively published engines, alerts and notifications about new engine availability, and rollup of software fixes.
Microsoft Security Bulletin Summary for July, 2009
https://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx
Evaluate Forefront’s Integrated Portfolio of Protection, Identity, and Access Products https://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=12229432&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
Microsoft Forefront delivers leading malware protection solutions across endpoints, messaging and collaboration application servers, and the network, while Microsoft’s identity-based access technologies and Forefront solutions build upon Active Directory’s infrastructure to enable policy-based user access to applications, devices, and information.
Try Out Microsoft Antigen 9.0 with Service Pack 2 https://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=12229433&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
Improve protection for Exchange Server 2003 and Exchange 2000 Server with the SP2 release of Microsoft Antigen 9.0. New features include visibility of all actively published engines, alerts and notifications of new engine availability, improved anti-spam detection through integration of Cloudmark engine, and rollup of software fixes.
Documents
Microsoft SDL – Developer Starter Kit https://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=12228998&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
The Microsoft SDL – Developer Starter Kit offers 14 modules of content, labs, and training to help you establish a standardized approach to rolling out the Microsoft SDL in your organization, build a customized SDL training program for your development teams, or enrich your existing development practices.
Microsoft Security Development Lifecycle for Line-of-Business Applications https://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=12228999&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
Referred to as the SDL-LOB process for short, this mainstream approach to the SDL defines standards and best practices for securing the line-of-business applications that support your business. Get actionable guidance on requirements plus design, implementation, verification, and release processes.
Microsoft SDL Process Template for Visual Studio Team System https://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=12229000&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
The Microsoft SDL Process Template for Microsoft Visual Studio Team System is a downloadable template that directly integrates the Security Development Lifecycle v4.1 into your software development. It generates a detailed Final Security Review report that provides an up-to-the-minute overview of security issues, testing results, and status for all security requirements associated with a project.
How Do I: Set Up the SDL Process Template? https://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=12229001&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
The Microsoft SDL Process Template for Visual Studio Team System was created to ease adoption of the SDL by automatically integrating the policy, processes, and tools of SDL v4.1 into Visual Studio Team System 2008. In this video, learn how to install the SDL Process Template, and then see how to begin using the template in your next project.
Improving Web Services Security Guide https://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=12229002&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
Using end-to-end application scenarios, this guide shows you how to design and implement authentication and authorization in Windows Communication Foundation. You will learn how to improve the security of your Windows Communication Foundation services through prescriptive guidance including practices at a glance, guidelines, a Q&A, and step-by-step how-to articles.
Downloads
Forefront Online Security for Exchange (FOSE) 9.1 Product Documents
Product documents for FOSE 9.1 include the following: New Features Guide, Administration Center User Guide, Directory Synchronization Tool Administration Guide, Customer Quick Cards and Forefront Online Security for Exchange Filtering Service Launch and Best Practices
Group Policy Preference Client Side Extensions for Windows Vista (KB943729)
Multiple Group Policy Preferences have been added to the Windows Server 2008 Group Policy Management Console (which are also available through the Remote Server Administration Toolset (RSAT) for Windows Vista SP1).
Group Policy Preference Client Side Extensions for Windows Vista x64 Edition (KB943729)
Multiple Group Policy Preferences have been added to the Windows Server 2008 Group Policy Management Console (which are also available through the Remote Server Administration Toolset (RSAT) for Windows Vista SP1).
Security Audit Events for Windows 7 and Windows Server 2008 R2
A list of all security audit events for Windows Server 2008 R2 and Windows 7
Microsoft Code Name "Geneva" SbS Guides and VMs
"Geneva" Step by Step Guides and Virtual Machines
Microsoft Forefront Security for SharePoint with Service Pack 3
Forefront Security for SharePoint with Service Pack 3 helps business protect their Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0 collaboration environments by eliminating documents containing malicious code, confidential information, and inappropriate content.
Antigen 9.2 Privacy Statement
This document describes the privacy policy for the 9.2 release of Microsoft Antigen
Microsoft Antigen for SMTP Gateways with Antigen Spam Manager with SP2 Trial Only
The Messaging Security Suite includes Antigen for Exchange, Antigen for SMTP Gateways, and Antigen Spam Manager, and provides server-level protection against the latest e-mail threats.
Microsoft Antigen for Exchange with Antigen Spam Manager with SP2 Trial Software
The Messaging Security Suite includes Antigen for Exchange, Antigen for SMTP Gateways, and Antigen Spam Manager, and provides server-level protection against the latest e-mail threats.
Microsoft Forefront Security for Exchange Server with Service Pack 2
Help protect your Exchange server from viruses and other malware.
FSOCS performance analysis and capacity planning document
Document provides insights into performance testing and analysis conducted for the Forefront security for Office Communication Server
IT Manager: Platform Solution Blueprint – Security
The Security Platform Solution Blueprint Poster by Advaiya gives IT managers a comprehensive view of how security technologies work within their IT environment.
Security, Identity, and Access Management Datasheet
This offering provides an end-to-end security solution that allows you to move toward a dynamic IT infrastructure while ensuring better security integration, manageability, and efficiency.
Forefront Online Security for Exchange (FOSE) 9.1 Product Documents
Product documents for FOSE 9.1 include the following: New Features Guide, Administration Center User Guide, Directory Synchronization Tool Administration Guide, Customer Quick Cards and Forefront Online Security for Exchange Filtering Service Launch and Best Practices
HomeGroup and Firewall Interaction
Details how HomeGroup interacts with firewalls, using Windows Firewall as an example. Explains what ports and rules are required for firewalls to implement for HomeGroup to work correctly
Introduction to Windows Firewall with Advanced Security
Learn how to manage Windows Firewall in Windows 7 and Windows Vista by using the Windows Firewall with Advanced Security Microsoft Management Control (MMC) snap-in, with Netsh commands, and with Group Policy.
White Paper: Implementing an ADFS Solution for Microsoft Dynamics CRM by Using IAG
This paper includes high-level guidance on using IAG to implement an ADFS solution for Microsoft Dynamics CRM 4.0.
Network Access Quarantine Control in Windows Server 2003
This white paper describes Network Access Quarantine Control in Windows Server 2003.
Forefront Unified Access Gateway (UAG) Beta 2
Microsoft Forefront Unified Access Gateway (UAG) is a secure application gateway, to manage, control, and optimize remote access for managed and non-managed endpoints, to corporate applications and resources.
Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64
This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.
Microsoft® Windows® Malicious Software Removal Tool (KB890830)
This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.
Update for Windows Mail Junk E-mail Filter [July 2009] (KB905866)
Install this update for Windows Mail to revise the definition files that are used to detect e-mail messages that should be considered junk e-mail or that may contain phishing content.
July 2009 Security Release ISO Image
This DVD5 ISO image file contains the security updates for Windows released on Windows Update on July 14th, 2009.
Update for Windows Mail Junk E-mail Filter for x64-based Systems [July 2009] (KB905866)
Install this update for Windows Mail to revise the definition files that are used to detect e-mail messages that should be considered junk e-mail or that may contain phishing content.
Request a Password Reset for Microsoft Online Services CTP
This document is intended for users of the July 2009 Community Technology Preview (CTP) of Microsoft® Online Services who need information about requesting a password reset.
Windows Firewall Categories and User Facing Impact
Word document on best practice guidance on Windows Firewall Categories
Microsoft Anti-Cross Site Scripting Library V3.0
AntiXSS 3.0 helps you to protect your current applications from cross-site scripting attacks, at the same time helping you to protect your legacy application with its Security Runtime Engine
Enabling Third party Firewall DirectAccess Clients
This Word document describes the rules and exemptions for configuring third party host-based firewalls to work with DirectAccess.
Microsoft Directory Synchronization Tool 9.1
May 2009
The Microsoft Directory Synchronization Tool 9.1 enables you to securely synchronize selected data between an on-premise Active Directory and the Forefront Online Security for Exchange (FOSE) and Exchange Hosted Archive (EHA) services.
Network Access Quarantine Control in Windows Server 2003
This white paper describes Network Access Quarantine Control in Windows Server 2003.
Microsoft Secured Unified Communications Datasheet
Microsoft Defense Solutions
Defence Transformation Poster
Using the Connected Government Framework Microsoft helps defence organisations deliver open, secure, interoperable and manageable IT infrastructures to execute tactical missions and achieve strategic goals.
Microsoft® Forefront Threat Management Gateway (TMG) Beta 3 Tools & Software Development Kit
The tools here provide diagnostics and other feature-related tools, and the software development kit, for Forefront TMG Beta 3.
Microsoft Situational Awareness
Microsoft Government Identity Management
Microsoft Forefront Client Security 1.0 SP1
Core Network Companion Guide: Deploying Server Certificates
This companion guide to the Core Network Guide provides instructions on how to deploy server certificates with Active Directory Certificate Services (AD CS) and how to autoenroll server certificates to computers running Network Policy Server (NPS) and Routing and Remote Access Service (RRAS).
Microsoft Threat Analysis and Modeling v3.0 beta
Threat modeling to empower application risk management.
Security Audit Events for Windows 7 and Windows Server 2008 R2
A list of all security audit events for Windows Server 2008 R2 and Windows 7
Forefront Online Security for Exchange (FOSE) 9.1 Product Documents
Product documents for FOSE 9.1 include the following: New Features Guide, Administration Center User Guide, Directory Synchronization Tool Administration Guide, Customer Quick Cards and Forefront Online Security for Exchange Filtering Service Launch and Best Practices
Windows Firewall Categories and User Facing Impact
Word document on best practice guidance on Windows Firewall Categories
Events/WebCasts
Security Webcast Calendar https://go.microsoft.com/fwlink/?LinkId=37910
Find security webcasts listed in an easy-to-use calendar format.
Upcoming Security Webcasts
https://www.microsoft.com/events/security/upcoming.mspx
Register for the following Webcasts on the link above
TechNet Webcast: Information About Microsoft August Security Bulletins (Level 200)
Wednesday, August 12, 2009 11:00 A.M.-12:30 P.M. Pacific Time
IT Manager Webcast: How Microsoft IT deployed DirectAccess to Provide Secure Access to Corporate Resources from Anywhere (Level 200)
Thursday, August 13, 2009 11:00 A.M.-12:00 P.M. Pacific Time
TechNet Webcast: Connect Remotely Using Windows 7 Direct Access (Level 300)
Wednesday, August 19, 2009 10:00 A.M.-11:00 A.M. Pacific Time
On-Demand Security Webcasts
https://www.microsoft.com/events/security/ondemand.mspx
Security Awareness Materials https://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=11524381&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
Guidance, samples, and templates for creating a security-awareness program in your organization.
Learn Security On the Job https://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=11524382&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
Learning Paths for Security - Microsoft Training References and Resources https://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=11524383&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
Visit TechNet Spotlight: www.microsoft.com/technetspotlight
Video on Demand, Video Downloads, PowerPoint Presentations, Audio and more
A.O.B
Security MVP of the Month: Jesper M. Johansson https://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=12229003&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
Jesper Johansson, ISSAP, CISSP, and MSCE, is a well-known authority on information security in general and Windows security in particular. He is currently a principal software security architect, managing programs and projects related to application security, secure software development practices, and security training. He has delivered presentations on information security on five continents, has spoken at most major security events, and has written many articles on security.
MVP Article of the Month: Security Watch – Thoughts on Identity https://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=12229005&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
In this first part of a two-part series, Jesper Johansson delves into the concept of identity—what defines an identity, who gets to control the information, and how do we ensure that it is properly secured? In part two https://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=12228945&s1=68628015-2ccc-cbc7-31b9-0e76c3415474, he covers additional principles that successful digital identity systems must meet.