December 2012 – Technical Rollup Mail - Security



"Blackhole" Exploit Kit Activity Peaks as Exploit Activity on the Internet Reaches New Heights Blacole, a family of exploits used by the so–called Blackhole exploit kit to deliver malicious software through infected webpages, was the most commonly detected exploit family in the first half of 2012 by a large margin. Learn more about this exploit, and steps you can take to evaluate the risks in your environment and mitigate them as soon as possible.


The Promise of Differential Privacy Microsoft has some of the world’s top privacy researchers working on a wide variety of interesting challenges, and strives to translate this research into new privacy–enhancing technologies. Differential Privacy is a technology that enables researchers and analysts to extract useful answers from databases containing personal information and, at the same time, offers strong individual privacy protections. Explore how Differential Privacy works; download the new white paper entitled, "Differential Privacy for Everyone".

Microsoft Security Bulletin Summary for Dec, 2012

Security Bulletin Overview for Dec 2012

Microsoft Security Response Center (MSRC) Blog Post

Windows Media Video (WMV)

Windows Media Audio (WMA)

iPod Video (MP4)

MP3 Audio

High Quality WMV (2.5 Mbps)

Zune Video (WMV)

Microsoft Product Lifecycle Information

Find information about your particular products on the Microsoft Product Lifecycle Web site

See a List of Supported Service Packs

Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.

Follow the Microsoft Security Response team on Twitter @MSFTSecResponse for the latest information on the threat landscape.

Forefront Threat Management Gateway 2010

Forefront Security TechCenter

Please note that if you have feedback on documentation or wish to request new documents - email

Forefront Threat Management Gateway 2010 homepage

Forefront TMG (ISA Server) Product Team Blog

The ISA Server Product Team Blog ( is updated on a regular basis. Latest entries include:

Using the Account Lockout Feature in TMG 2010

Setting up TMG 2010 Where EMS is a Domain Member and Array Servers are in a Workgroup

How to determine if a client request contains a Multi-Line Header

How to implement PEAP-MSCHAPv2 as authentication method for VPN connections in TMG 2010

Other TechNet Blogs

Data analysis with TMG data packager.

TMG services hang at startup due to third party service.

Forefront Unified Access Gateway 2010

Forefront Unified Access Gateway 2010 Technical Resources

For comments, feedback, and requests, contact the Forefront UAG User Assistance team at

Forefront Unified Access Gateway Product Team Blog

The UAG Product Team Blog ( is updated on a regular basis. Latest entries include:

UAG 2010 Service Pack 3 is in the works

UAG published website is not fully rendered

Other TechNet Blogs

UAG Error Codes

UAG support for Windows 8…and other new tech

The UAG Video course is out!

Forefront Edge on the Wiki

The home of community-generated content about Microsoft technologies — that anyone can edit! Read the latest wiki articles about TMG and UAG.



The latest entries include:

ISA /TMG server returned a response code of 400 (BAD REQUEST)

Forefront UAG DirectAccess: Application Compatibility Table (en-US)


Security Tip of the Month: Kicking the Virtual Tires of a Cloud Provider Evaluating a cloud provider needs to be done with care. Learn how to make the evaluation process simpler and easier to ensure that everyone can address the important factors of the cloud selection process.


Understanding Security Account Management in Windows Azure There are several recommended approaches to security management for applications and services hosted on Windows Azure. Explore these recommendations along with best practices for creating and managing administrative accounts, using certificates for authentication, and handling transitions when employees begin or terminate employment.


Windows Azure Security Best Practices for Developers Explore this seven–part blog series for a discussion of the challenges involved in designing applications for the cloud and tips on what you can do in your software to insure access to those who should have access and prevent access those who do not.


Security Guidelines for SQL Azure SQL Azure Database is a cloud database service from Microsoft that provides Web–facing database functionality as a utility service. If you are planning to connect to SQL Azure Database, or if you build secure applications on SQL Azure, make sure to consult these security guidelines.


A Solution for Private Cloud Security Find a comprehensive explanation of the process for designing and running security for a robust and comprehensive private or hybrid cloud environment.


Five Security Tips for Windows Intune Learn how to use the security features in Windows Intune, Microsoft’s cloud services solution for PC management and endpoint protection, to implement best practices that can help you better protect your PCs.


Security in Office 365 Get an overview on how Office 365 makes it easy for users and administrators to access and use data and services while following security best practices. For more detailed information on security in Office 365, download the "Office 365 Security and Service Continuity Service Description" available from the Download Center.


Security Webcast Calendar

Find security webcasts listed in an easy-to-use calendar format.

Upcoming Security Webcasts

On-Demand Security Webcasts

Visit TechNet Spotlight:

Video on Demand, Video Downloads, PowerPoint Presentations, Audio and more

Technorati Tags: Security,Forefront,intune,Office 365