November 2008 - Technical Rollup Mail - Security


Download the Urgent Security Update for Windows

Microsoft released an out-of-band security update on October 23 for all currently supported versions of Microsoft Windows. Download and install the update from Microsoft Update today.

Restore Infected PCs with the Malware Removal Starter Kit!

You’ll get free, tested guidance and tools to help you combat malware attacks and restore infected systems—so your customers can safely get back to work.

Microsoft Seeks to End Lottery Fraud

Our new effort to end lottery scams includes a reporting system for victims of identity theft, partnerships with other companies, and providing analyzed data to global law enforcement agencies.

Microsoft Security Assessment Tool

Wouldn't it be great if you had a report created for your business that detailed specific actions you should take to further secure your IT environment? Wouldn't it be great if that report was built from an assessment of your current security requirements cross-checked against an assessment of your current security investments? Wouldn't it be great if there was a free tool to do this? Guess what? The Microsoft Security Assessment Tool (MSAT) is that free tool. We've just released a new version (v4) with a new UI and a new extended report. Download MSAT here.

Online Identity Theft: Changing the Game - Protecting Personal Information on the Internet

Identity theft is not only a threat faced by consumers but also a significant concern for organisations as they handle growing volumes of personally identifiable information (PII) and use it in more diverse ways. This paper outlines a set of near-term tactics for mitigating online identity theft as well as a longer-range strategic vision for fundamentally 'changing the game' with regard to how people assert their identity on the Internet and how such identity claims are verified by other parties during an online interaction or transaction.

Security Development Lifecycle: Three New Programmes

As part of its commitment to make the Security Development Lifecycle (SDL) available to every developer, Microsoft is delivering three new SDL programmes and tools in November 2008: the SDL Pro Network, the SDL Optimisation Model, and the Microsoft SDL Threat Modelling Tool. These offerings will enable the industry to create more secure and privacy-enhanced technology for an online world. Learn more about these programmes or watch a demo about the SDL Threat Modelling Tool.

Microsoft Security Bulletin Summary for October, 2008

Search for previous security bulletins

Security Bulletin Feed RSS

Microsoft Internet Security and Acceleration Server

Internet Security and Acceleration (ISA) Server TechCenter

Please note that if you have feedback on documentation or wish to request new documents - email

Forefront Edge Security Community

Forefront TMG (ISA Server) Product Team Blog

The ISA Server Product Team Blog is updated on a regular basis. Latest entries include:

Using a Client Certificate when Bridging SSL traffic from ISA Server

A Preview of Exciting Things to Come

ISA Server wins Readers' Choice award

Unable to “Check Out” a Document in MOSS 2007 Published Through ISA Server 2006

Intelligent Application Gateway 2007

Intelligent Application Gateway 2007 Technical Resources

Forefront Edge Security Community

Intelligent Application Gateway Product Team Blog

The IAG Product Team Blog is updated on a regular basis. Latest entries include:

Publishing SharePoint with IAG 2007 – Part 1: What is SharePoint AAM and why do we need it?

Publishing SharePoint with IAG 2007 – Part 2: Common Questions

Publishing SharePoint with IAG 2007 – Part 3: SharePoint Topologies


White Paper: Managing a Public Key Infrastructure Using Active Directory Certificate Services and Identity Lifecycle Manager (ILM)

This white paper from Oxford Computer Group explores many of the business drivers for a Microsoft-centric Certificate and Card Management System (CCMS), a term coined to describe the conjoined capabilities of Active Directory Certificate Services and Identity Lifecycle Manager. It explores the challenges and opportunities of implementing a CCMS solution from the perspectives of design, implementation, operations, etc.

Patterns & Practices Security Engineering Update

Check out J. D. Meier's overview of the patterns & practices approach to security engineering, which covers - among other topics - the security frame used to perform security code and design inspections.

Security Tip of the Month: Planning for Hyper-V Security

How do you know who is accessing what in your IT environment? This vital question is often faced by security administrators, and many IT organisations have challenges identifying and understanding patterns of client access to enterprise resources. This article offers some quick tips and tools to help you understand which users or system accounts have access to which resources, and when.

Windows Vista Security Guide

This guide provides you with specific recommendations and automated tools to help strengthen the security of desktop and laptop computers running Windows Vista in a domain with the Active Directory service. You'll also learn how to use the GPOAccelerator tool that accompanies the guide to help you automatically deploy security settings in minutes instead of hours.

WFAS Design and Deployment Guide

This guide helps you design and deploy Windows Firewall with Advanced Security settings and rules that meet your goals for network security.

Full Volume Encryption using Windows BitLocker Drive Encryption Datasheet

The Full Volume Encryption using Windows BitLocker Drive Encryption offering capitalizes on the Microsoft Solution Framework (MSF) to envision, plan, develop, stabilize (test), and deploy BitLocker in your environment.

Understanding the Servicing Models for Major Microsoft Software

Understanding the Servicing Models for Major Microsoft Software describes the business and technical reasoning behind, and the processes that make up, the evaluation and delivery of code changes within security update packages.

Network Access Protection with IPsec Enforcement Datasheet

Network Access Protection is designed to protect both remote and local users from viruses, worms, and malicious software by helping to verify and directly update any computer attempting to access the network while restricting the network access of non-compliant clients.

Enterprise Data Security Optimization Datasheet

This offering integrates multiple data-protection technologies and “always on” persistent protection to provide comprehensive coverage of the data stored on desktops and servers, as well as data in transit.


UrlScan v3.0 Released to the Web

UrlScan version 3.0 is a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) 6.0 will process. UrlScan screens all incoming requests to the server by filtering the requests by rules that are set by the administrator. Filtering the requests helps secure the server by ensuring that only valid requests are processed.

Data Encryption Toolkit for Mobile PCs

Benefit from tested guidance and powerful tools to help you protect your most vulnerable information - the data residing on your laptops. This toolkit shows you how to use two key encryption technologies: BitLocker Drive Encryption, which is included with specific versions of Windows Vista, and the Encrypting File System, which is included with Windows XP Professional and Windows Vista.

Security Compliance Management Toolkit

This toolkit provides you with best practices to plan, deploy, monitor and remediate a security baseline for your organisation. It also offers a proven method that you can use to effectively monitor the compliance state of a security baseline for Windows Vista, Windows XP Service Pack 2 (SP2) and Windows Server 2003 SP2.

Podcast: BitLocker Drive Encryption

In this podcast, Paul Cooke, Director in the Windows Client division specialising in security, discusses BitLocker Drive Encryption, and how it has been extended in Windows Vista SP1.

Podcast: Advanced Group Policy Podcast

Learn how to effectively use the new Group Policy objects in Windows Vista to improve manageability and strengthen security with this podcast by Derek Melber, author, IT consultant and Microsoft MVP for Group Policy.

October 2008 Security Release ISO Image

This DVD5 ISO image file contains the security updates for Windows released on Windows Update on October 14th, 2008.

Enterprise Library 4.1--October 2008

Microsoft Enterprise Library is a collection of reusable application blocks designed to assist software developers with common enterprise development challenges. This release includes: Caching, Cryptography, Data Access, Exception Handling, Logging, Policy Injection, Security, Validation, and Unity.

Data Encryption Toolkit

This toolkit is intended to help you secure the data on your organization’s mobile PCs--in a cost-effective way--using Encrypting File System (EFS) and Microsoft BitLocker Drive Encryption (BitLocker) technologies.


Visit TechNet Spotlight:

Video on Demand, Video Downloads, PowerPoint Presentations, Audio and more

Microsoft Security Webcast Series: Upcoming and On-Demand

Security Webcast Calendar

Find security webcasts listed in an easy-to-use calendar format.

Upcoming Security Webcasts

Register for the following webcasts using the link above.

How Microsoft does IT: Managing Network Access Protection (Level 300)

Tuesday, November 11, 2008 9:30 AM Pacific Time

Network Access Protection (NAP) is a powerful new Windows Server 2008 feature that can help protect networks from malicious software (malware) and other threats. This webcast explains how organizations can use NAP to institute requirements for accessing a network, create policies that check for compliance with those requirements, and update and manage devices that are not in compliance. Join us to learn how Microsoft IT manages NAP within Microsoft and how organizations can leverage this feature to report on health policy compliance, and to take action to address identified risks.

On-Demand Security Webcasts

New or updated KBs

Microsoft Internet Security and Acceleration Server

Error 0x80072020 installing ISA Configuration Storage Server



Security Help and Support for IT Professionals

TechNet Troubleshooting and Support Page

Microsoft Security Glossary

TechNet Security Center

MSDN Security Developer Center

Midsize Business Security Center

Sign-Up for the Microsoft Security Notification Service

Security Bulletin Search Page

Home Users: Protect Your PC

MCSE/MCSA: Security Certifications

Subscribe to TechNet

Register for TechNet Flash IT Newsletter

Register for the UK MSDN Flash Newsletter