April 2007 - Technical Rollup Mail - Security
News
Malware Revolution: A Change in Target - https://go.microsoft.com/?linkid=6490995
By Mary Landesman, Technical Editor, Microsoft Security Research and Response
A significant evolution has occurred in the malware landscape over the past five years -- a change of intent from amateur virus writers seeking attention to professional criminals seeking profit. But in the past year, a more abrupt shift has taken place -- a change in target. This article discusses this shift, the impact on the user and on the technology, and the multipronged approach Microsoft is taking to address this latest stage in the malware evolution.
Microsoft @ InfoSecurity Europe 2007 https://go.microsoft.com/?linkid=6490996
Visit Microsoft at InfoSecurity Europe 2007 (Stand G120) to experience Microsoft Forefront™, our range of security products for business that deliver greater protection and control through integration and simplified management. Discuss your security challenges at individual consultations with our security experts. Gain a more in-depth knowledge of Microsoft client, server and edge security technologies by participating in the Pillar Room Forefront Security Academy.
New online "Security Guidance Centre" for UK businesses https://go.microsoft.com/?linkid=6490997
Microsoft's new Security Guidance Centre for medium-sized and enterprise businesses in the UK is a comprehensive resource offering solutions, tools and guidance on IT security issues.
Announcing the Microsoft Security Awareness Toolkit
People need to be educated on what your organization considers appropriate security-conscious behaviour, and also what security best practices they need to incorporate in their daily business activities. This toolkit provides guidance, samples, and templates for creating a security awareness program in your organization.
New Localized Versions of Windows Defender https://go.microsoft.com/?linkid=6490999
Microsoft has announced the availability of Windows Defender in Spanish, Italian, Dutch, Portuguese (Brazil), and Russian. These languages are in addition to German and Japanese, which were made available last year. As part of our commitment to deliver world-class software, we will continue to deliver additional localized versions of Windows Defender during the first half of 2007 through the Windows Defender Download Center.
2007 Microsoft Office Security Guide https://go.microsoft.com/?linkid=6491000
The 2007 Microsoft Office Security Guide will provide instructions and recommendations on how to help strengthen the security of the 2007 Microsoft Office system on Windows Vista or Windows XP SP2 desktops and laptops. The Microsoft Solution Accelerators -- Security & Compliance team is currently conducting a requirements survey for this guide and needs input from customers and partners. This is your chance to help shape this important security guide in its early stages, and to make sure that your most important needs are addressed. https://go.microsoft.com/?linkid=6491001
Introducing the "Core Infrastructure Optimization Implementer Resource Guide: Basic to Standardized" https://go.microsoft.com/?linkid=6491002
Infrastructure Optimization provides a logical roadmap to progress from reactive to proactive IT service management. This document introduces high-level concepts for planning, building, deploying, and managing these capabilities and provides links to relevant resources where more-detailed and more-actionable content can be found. Use the information contained in this guide to help you assess your organization's optimization level and move from the Basic level to the Standardized level.
Fundamental Computer Investigation Guide for Windows https://go.microsoft.com/?linkid=6500778
This guide discusses processes and tools for use in internal computer investigations. It also presents an applied scenario example of an internal investigation that uses Windows Sysinternals tools (advanced utilities that can be used to examine Windows-based computers) as well as commonly available Windows commands and tools. https://go.microsoft.com/?linkid=6500844
Case Study: T-Systems Austria https://go.microsoft.com/?linkid=6500780
The T-Systems IT business unit has relied on Microsoft Antigen for the email security of its Microsoft Exchange Server 2003 infrastructure. So, as the technology leader moves to the 64-bit world of Exchange Server 2007, it's also adopting Microsoft Forefront Security for Exchange Server. The company praises its ability to catch viruses and dangerous file types - with easy administration and no hit on server performance.
Video Case Study:
100k.wvx https://go.microsoft.com/?linkid=6500845
300k.wvx https://go.microsoft.com/?linkid=6500846
Case Study: Guardian Management https://go.microsoft.com/?linkid=6500781
Guardian Management LLC (Guardian) depends on Microsoft Antigen to protect its Exchange Server 2003 servers. With its planned upgrade to Exchange Server 2007, the company is also preparing to move to Forefront Security for Exchange Server. Guardian finds it offers even more protection than Antigen, plus simple installation and trouble-free use that make life easier for its two IT staffers.
Video Case Study:
100k.wvx https://go.microsoft.com/?linkid=6500847
300k.wvx https://go.microsoft.com/?linkid=6500848
Microsoft Technical Security Notifications https://go.microsoft.com/?linkid=6491006
Better protect your computing environment by keeping up to date on Microsoft technical security notifications. Notifications are available in RSS, instant message, mobile device, or e-mail format, and are always available online at TechNet on the Security Bulletin Search web page. https://go.microsoft.com/?linkid=6491007
Microsoft Security Bulletin Summary for March, 2007
https://www.microsoft.com/technet/security/bulletin/ms07-mar.mspx
Search for previous security bulletins https://go.microsoft.com/?linkid=3992478
Security Bulletin Feed https://go.microsoft.com/?linkid=3992479 RSS https://go.microsoft.com/?linkid=3992480
Developer
New Security Webcasts https://msdn2.microsoft.com/en-us/security/aa570424
Check out new Security Webcasts dealing with Windows Vista, Office, AJAX, and other topics.
Privacy Guidelines for Developing Software Products and Services https://go.microsoft.com/fwlink/?linkid=75045
The Privacy Guidelines for Developing Software Products and Services are a public version of Microsoft's extensive internal privacy guidelines for developers that help protect customer privacy.
Web Downloads: Build Smarter ASP.NET File Downloading Into Your Web Applications https://msdn.microsoft.com/msdnmag/issues/06/09/webdownloads/default.aspx
In this article, Joe Stagner presents some solutions for downloading files from ASP.NET sites so your users will have a fast, secure, and error-free downloading experience.
Description of the Security Update for the Visual Studio .NET 2003 Service Pack 1 Development Platform https://go.microsoft.com/?linkid=6374577
Documents
Raise Your Security Awareness! https://go.microsoft.com/?linkid=6491004
Read the exclusive series of fortnightly articles, written by leading independent security experts, addressing the vital issues relevant to today's medium-sized businesses in the UK.
Recommended to you this month:
1. Secure that laptop https://go.microsoft.com/?linkid=6491005
Security Tip of the Month: Why Create a Security Incident Response Process https://go.microsoft.com/?linkid=6491008
By Christopher Budd, Security Program Manager, Microsoft Corporation
Effectively combating malicious software requires the combination of three critical elements: people, processes, and technology. This article focuses on the process element and talks about the incident response process, asserting that, in many ways, this is the most important process element in a comprehensive strategy for dealing with malicious software.
Enabling Security Management Through Active Directory Group Policy https://go.microsoft.com/?linkid=6409903
Use Microsoft webcasts, guides and downloads for guidance on how to lock down your network to create an accessible yet flexible secured environment. Learn how to configure Active Directory and Microsoft Identity Integration Server (MIIS) to automate the user provisioning process and use Active Directory group policies to exercise role-based access control. Plus, see how you can create least-privilege policies with Windows Rights Management Services (RMS) to protect sensitive information, and learn about implementing certificates with Microsoft Certificate Lifecycle Manager.
Defend Against Malware with Windows Vista https://go.microsoft.com/?linkid=6491009
Windows Vista includes several new technologies that you can use to help enhance protection against malware for computers running Windows Vista in your environment. This chapter from the Windows Vista Security Guide provides overviews of these technologies, and recommendations on how to configure them when applicable. https://go.microsoft.com/?linkid=6491010
Deployment of the Microsoft Windows Malicious Software Removal Tool in an Enterprise Environment https://go.microsoft.com/?linkid=6491011
The Microsoft Windows Malicious Software Removal Tool is primarily intended for noncorporate users who do not have an existing, up-to-date antivirus product installed on their computers. However, the tool can also be deployed in an enterprise environment to enhance existing protection and as part of a defense-in-depth strategy. Read this article for guidance on how to deploy the tool in an enterprise environment.
Using Software Restriction Policies to Protect Against Unauthorized Software https://go.microsoft.com/?linkid=6491012
Software restriction policies are one of many important management features in Windows Vista and earlier operating systems (Windows XP and Windows Server 2003). This article provides an in-depth look at the new Software Restriction Policy features in Windows Vista and Windows Longhorn Server, and how they can help meet current security challenges.
Software Restriction Policy for Windows XP Clients https://go.microsoft.com/?linkid=6491013
This chapter from the Windows XP Security Guide shows how software restriction policy protects computers that run Windows XP Professional against known conflicts and safeguards them against malicious software such as viruses and Trojan horse programs.
Microsoft Forefront Client Security TechCenter https://go.microsoft.com/?linkid=6491014
Microsoft Forefront Client Security provides unified malware protection for business desktops, laptops, and server operating systems. Check out the TechCenter for information about the public beta and troubleshooting guide as well as links to the Forefront Client Security Technical Library, team blog, and discussion forums.
ISA Server Network Protection: Protecting Against Floods and Attacks https://go.microsoft.com/?linkid=6491015
Learn how ISA Server 2006 addresses the key concerns of information technology (IT) administrators tasked with safeguarding their IT environment. The article outlines ISA Server network protection features, describes how ISA Server mitigates attacks, and provides best practices that IT professionals should follow to configure ISA Server to better protect their networks.
Responding to IT Security Incidents https://go.microsoft.com/?linkid=6491016
This document provides a recommended process and procedures to use when responding to intrusions identified in a small- to medium-sized business (SMB) network environment. It explains the value of forming a security incident response team with explicit team member roles, as well as how to define a security incident response plan.
Fundamental Computer Investigation Guide for Windows https://go.microsoft.com/?linkid=6491017
This guide discusses processes and tools for use in internal computer investigations. It introduces a multiphase model that is based on well-accepted procedures in the computer investigation community. It also presents an applied scenario example of an internal investigation in an environment that includes Microsoft Windows-based computers.
Threat Modeling: Uncover Security Design Flaws Using the STRIDE Approach https://go.microsoft.com/?linkid=6491018
Whether you're building a new system or updating an existing one, you'll want to consider how an intruder might go about attacking it and then build in appropriate defenses at the design and implementation stages of the system.
Developer Best Practices and Guidelines for Applications in a Least Privileged Environment https://go.microsoft.com/?linkid=6491019
This white paper provides guidelines and suggested best practices for independent software vendor (ISV) developers on how to integrate their products with the new security infrastructure of User Account Control (UAC) on Microsoft Windows Vista.
Downloads
Microsoft Forefront Client Security Public Beta Administration Guide
This .doc file provides up-to-date information about administering Microsoft® Forefront™ Client Security.
Server Security Patch Management at Microsoft - Sharing the Microsoft IT Experiences
This 30-page technical white paper details how the Microsoft IT group manages server security patching. Details on internal processes, tools, and Systems Management Server 2003 features are given. Also included are the best practices and lessons learned for patch management, including security patch management for servers based on the internal Microsoft IT early adopter experience.
Windows® Defender x64
Windows Defender is a free program that helps you stay productive by protecting your computer against pop-ups, slow performance and security threats caused by spyware and other potentially unwanted software.
Windows® Defender
Windows Defender is a free program that helps you stay productive by protecting your computer against pop-ups, slow performance and security threats caused by spyware and other potentially unwanted software. Windows Defender no longer supports Windows 2000 as mainstream support ended in June 2005.
Microsoft® Windows® Malicious Software Removal Tool (KB890830)
This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.
How to Help Secure a Groove Manager Web Site
This document contains procedures you can use to help secure your Groove Manager Web site.
Internet Security and Acceleration (ISA) Server 2006 VHD
A Pre-configured Virtual Machine
This download comes as a pre-configured VHD. ISA Server 2006 is the integrated edge security gateway that helps protect your IT environment from Internet-based threats while providing users with fast and secure remote access to applications and data.
Events/WebCasts
Microsoft Security Webcast Series: Upcoming and On-Demand
Security Webcast Calendar https://go.microsoft.com/fwlink/?LinkId=37910
Find security webcasts listed in an easy-to-use calendar format.
Upcoming Security Webcasts
https://www.microsoft.com/events/security/upcoming.mspx
Register for the following webcasts at the link above:
TechNet Webcast: Information About Microsoft April Security Bulletins (Level 200)
Wednesday, April 11, 2007 11:00 A.M.-12:00 P.M. Pacific Time
TechNet Webcast: Best Practices with SQL Server 2005 Security (Level 200)
Thursday, April 12, 2007 8:00 A.M.-9:00 A.M. Pacific Time
TechNet Webcast: Windows Vista Wireless Security and Management (Level 200)
Friday, April 13, 2007 9:30 A.M.-11:00 A.M. Pacific Time
TechNet Webcast: Deploying IPsec with Windows Vista (Level 200)
Wednesday, April 18, 2007 11:30 A.M.-1:00 P.M. Pacific Time
TechNet Webcast: ISA Server 2006 Technical Overview (Level 200)
Friday, April 20, 2007 11:30 A.M.-1:00 P.M. Pacific Time
TechNet Webcast: A Technical Overview of Forefront Client Security (Level 200)
Monday, April 23, 2007 1:00 P.M.-2:30 P.M. Pacific Time
TechNet Webcast: How Microsoft Online Services Defends Against Cross-Site Scripting Vulnerabilities (Level 200)
Tuesday, April 24, 2007 9:30 A.M.-10:30 A.M. Pacific Time
TechNet Webcast: Deploying Forefront Client Security (Part 1 of 2) (Level 200)
Wednesday, April 25, 2007 1:00 P.M.-2:00 P.M. Pacific Time
TechNet Webcast: Deploying Forefront Client Security (Part 2 of 2) (Level 200)
Friday, April 27, 2007 1:00 P.M.-2:00 P.M. Pacific Time
TechNet Webcast: ISA Server 2006 Firewall and Proxy Services (Level 200)
Monday, April 30, 2007 1:00 P.M.-2:30 P.M. Pacific Time
On-Demand Security Webcasts
https://www.microsoft.com/events/security/ondemand.mspx
A.O.B
Protect Your Computer
Don't let hackers hijack your browser https://go.microsoft.com/?linkid=6491020
"Browser hijacking" is an online attack in which hackers take control of your Internet browser and change how it behaves. Learn how to help prevent these types of attacks and how to restore your browser's settings if it has been hijacked.
Downloading? Click "Save", not "Run" https://go.microsoft.com/?linkid=6491021
Make sure your antivirus software has a chance to check the files that you download before you open them on your computer.
Protect Yourself
Are your neighbours "borrowing" your home wireless network? https://go.microsoft.com/?linkid=6491022
Take a few steps to help ensure that your network can't be accessed from next door--or from a stranger's car across the street.
Protect Your Family
5 security features in Windows Vista you might not know about https://go.microsoft.com/?linkid=6491023
The Windows Vista operating system is widely available, so we thought we'd help you get to know it. Here are five security features in Windows Vista that might just surprise you.
Help enforce limits on your children's computer use with Windows Vista https://go.microsoft.com/?linkid=6491024
With the time-limits feature in Windows Vista, you can control how much time your child spends on the computer. Find out how to use time restrictions to set responsible limits on your child's computer use.