November 2010–Technical Rollup Mail–Security


Microsoft Security Intelligence Report Version 9 Now Available

Covering the first half of 2010 (January 1 - June 30), Volume 9 of the Security Intelligence Report includes intelligence on botnets and how to combat this threat, details on botnet and malware infection rates worldwide, and the latest security data and trends analysis captured by Microsoft security analysts. Also included are recommended techniques to protect your organization, software, and people.

Introducing the IT Compliance Management Series
Designed to help eliminate the murkiness of IT governance, risk, and compliance (GRC), the IT Compliance Management Series is designed to help bridge the knowledge gap for IT pros by translating auditor expectations and IT GRC authority document requirements into real IT tasks through the use of control activities that are specific to a particular technology or platform.

IT GRC Process Management Pack (PMP) for System Center Service Manager
Get end-to-end compliance management and automation for desktop and datacentre computers including tools to translate complex regulations and standards into authoritative control objectives and control activities for your organization’s IT compliance program.

Active Directory Federation Services 2.0: Open Doors to the Cloud
Explore how the new Microsoft Active Directory Federation Services release promises to up the ante on cloud security.

Microsoft Security Bulletin Summary for Oct, 2010

Security Bulletin Overview for October 2010

Microsoft Security Response Center (MSRC) Blog Post

Windows Media Video (WMV)

Windows Media Audio (WMA)

iPod Video (MP4)

MP3 Audio

High Quality WMV (2.5 Mbps)

Zune Video (WMV)

Microsoft Product Lifecycle Information

Find information about your particular products on the Microsoft Product Lifecycle Web site

See a List of Supported Service Packs

Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.

Follow the Microsoft Security Response team on Twitter @MSFTSecResponse for the latest information on the threat landscape.

Forefront TMG and ISA Server

Forefront Security TechCenter

Please note that if you have feedback on documentation or wish to request new documents - email

Forefront Threat Management Gateway 2010 homepage

Forefront TMG (ISA Server) Product Team Blog

The ISA Server Product Team Blog ( is updated on a regular basis. Latest entries include:

Unable to download files through Forefront TMG 2010 when Malware Inspection is Enabled

Forefront TMG/UAG Help Wanted at Microsoft in Reading, UK and Munich, Germany

Expect the unexpected… Failed Connection 995 and 64 with SSL Traffic

TMG Reports stop working after installing TMG 2010 SP1

How to determine which version of TMG 2010 is installed

The « test rule » button fails with error “Failed to get domain controller name for this published server”

The Exchange Edge default Receive connector gets unexpectedly disabled even though the Email policy is not configured

TMG is Unable to Listen on Port 80 (no IIS was not installed)

Understanding Performance Impact of Fast Trickling Option on TMG 2010

Forefront Unified Access Gateway & Intelligent Application Gateway 2007

Forefront Unified Access Gateway 2010 Technical Resources

For comments, feedback, and requests, contact the Forefront UAG User Assistance team at

Forefront Unified Access Gateway Product Team Blog

The UAG Product Team Blog ( is updated on a regular basis. Latest entries include:

Forefront UAG 2010 – Update 2

Announcing Forefront UAG 2010 Service Pack 1

Forefront Edge on the Wiki

The home of community-generated content about Microsoft technologies — that anyone can edit! Read the latest wiki articles about TMG and UAG.




Security Tip of the Month: How to Deploy Your First Windows Azure Application: Step by Step
Watch a step-by-step demonstration on how to deploy a new Windows Azure Web Role Application to the Cloud in Azure Platform, create a new Azure Storage Service for the application's data access, create a new Azure Hosted Application Service, configure and publish the Web Role Application's package and configuration, and deploy the application to Azure staging and production environments.

Patterns & practices: Cloud Security Approach in a Nutshell the cornerstone concepts that lay a foundation for Microsoft's patterns & practices Cloud Security approach. Microsoft's patterns & practices represent applied engineering guidance that includes both production quality source code and documentation.

Building Applications that Use AppFabric Access Control Windows Azure AppFabric Access Control (AC) service can be accessed from any Web service platform including .NET Framework, WCF, Silverlight, ASP.NET, Java, Python, Ruby, PHP, and Flash. Learn how Web services can rely on AC for authentication and authorization, and how to use AC in your applications.

Security Talk: Windows Azure Security - A Peek Under the Hood out how Windows Azure is structured to accept software and configuration requests from customers, deploy the software within virtual machines, and allocate storage and database resources to hold a persistent state-all while maintaining a minimal attack surface and several layers of defense in depth. This presentation also offers insight on how Windows Azure security compares with systems operated on a customer's premises.

Compliance Reporting: First Step in Controlling Client Cloud Access steps on how to improve your auditing and compliance reporting by using Access Protection (NAP) with IPsec connectivity technologies like DirectAccess to control client access.

Security Best Practices for Developing Windows Azure Applications this paper for details on the security challenges and recommended approaches to design and develop more secure applications for Microsoft's Windows Azure platform.

How to Use AppFabric to Provide Access Control for a Cloud Application Azure's AppFabric provides a foundation for rich cloud-based service and access control offerings. Join Hilton Giesenow, host of The Moss Show SharePoint Podcast, as he takes you through getting started with Windows Communication Foundation (WCF) services and the Windows Azure platform AppFabric ServiceBus component to extend WCF services into the cloud.

Cloud Cover Episode 8 - Shared Access Signatures how to create and use Shared Access Signatures (SAS) in Windows Azure blob storage and discover how to easily create SAS signatures yourself.

Cloud Cover Episode 15 - Certificates and SSL out how certificates work in Windows Azure and how to enable Secure Sockets Layer (SSL) protocols. Also discover a tip on uploading public key certificates to Windows Azure.

Cloud Security: Safely Sharing IT Solutions ways to share IT solutions between the fixed cost of local resources and the variable cost of cloud resources without losing control of access to enterprise assets.


Data Governance - Managing Technological Risk

Discusison of the core data governance capabilities related to technology.

Data Governance - A Capability Maturity Model

This paper presents a blueprint for organizations to implement the capabilities needed to establish a successful DGPC program.

Microsoft Anti-Cross Site Scripting Library V4.0

AntiXSS 4.0 helps you to protect your applications from cross-site scripting attacks.

Microsoft Office Protocol Documentation

The Office protocol documentation provides technical specifications for Microsoft proprietary protocols that are implemented and used in the Microsoft Office system.

Microsoft and Data Privacy

This paper examines trends in the evolving data management landscape and describes how Microsoft is providing leadership in protecting individuals’ personal information.

Microsoft SharePoint Products and Technologies Protocol Documentation

The Microsoft SharePoint Products and Technologies protocol documentation provides technical specifications for Microsoft proprietary protocols that are implemented and used in SharePoint Products and Technologies.

Microsoft and Data Breach Notification

Microsoft and Data Breach Notification

TwC Enterprise Data Governance White Paper

Private enterprise privacy white paper, providing Microsoft's perspective on the role that technology plays in helping enterprises responsibly protect and manage personal information.

Data Governance White Paper

Data Governance White Paper

IT GRC Process Management Pack for System Center Service Manager

The Microsoft® IT GRC Process Management Pack for System Center Service Manager(SCSM) provides end-to-end compliance management and automation for desktop and datacenter computers. Deeply integrated with SCSM the IT GRC Process Management pack translates complex regulations and standards into authoritative control objectives and control activities for the IT organization’s compliance program.

A Guide to Data Governance for Privacy, Confidentiality, and Compliance

Data governance is an approach that public and private entities can use to organize one or more aspects of their data management efforts, including business intelligence (BI), data security and privacy, master data management (MDM), and data quality (DQ) management. This series describes the basic elements of a data governance initiative for privacy, confidentiality, and compliance.

Data Governance - People and Process

This paper examines the People and Process core capability areas required to enable Data Governance for Privacy, Confidentiality and Compliance.

Microsoft and Data Breach Notification: Guidance for Enterprise Organizations

Document presenting data breach risks and concerns for organizations, and guidance for responding to a data breach.

Privacy Guidelines for Developing Software Products and Services

This document is a set of privacy guidelines for developing software products and services that are based on our internal guidelines and our experience incorporating privacy into the development process.

IT Compliance Management Series

The IT Compliance Management Series—a combination of IT Compliance Management Libraries for Windows Server 2008, Windows Server 2008 R2, Windows 7, and Microsoft System Center—provides prescriptive guidance that helps IT pros configure Microsoft products to address specific IT governance, risk, and compliance (GRC) requirements.

September 2010 Security Release ISO Image

This DVD5 ISO image file contains the security updates for Windows released on Windows Update on September 14th, 2010.

Microsoft Business Ready Security Trial Environment (4.0c)

The Microsoft Business Ready Security trial environment provides an end to end trial experience across all of the Business Ready Security solutions. The environment provides an opportunity to evaluate protection, access, management and identity technologies as a pre-configured set of VHDs.

Microsoft Security Essentials

Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.

FIM 2010 Planning and Architecture Collection

The Planning and Architecure Collection contains information for capacity and topology planning for a FIM 2010 deployment.

Security Update for Microsoft Silverlight (KB978464)

This security update to Silverlight includes fixes outlined in KB 978464.

Information Rights Management in Office for Mac 2011 Deployment Guide

The Information Rights Management in Office for Mac 2011 deployment guide is for IT managers, system administrators, or other people who are responsible for testing IRM implementation in Office for Mac.

Communicator for Mac 2011 Deployment Guide

Intended for IT Professionals, the Microsoft Communicator for Mac 2011 Deployment Guide provides guidance for using Microsoft Communicator for Mac 2011 with Microsoft Office Communications Server 2007 R2.

Defend Your Computer Consumer Brochure

Brochure offering guidance on building your computer's defenses, avoiding being tricked into downloading malware, and what to do if your computer is not running as usual.

Botnets: Guidance for Governments

One page document for policymakers and their influencers addressing Microsoft's approach to the problem of botnets.

Microsoft Security Intelligence Report volume 9 (January - June 2010)

This is the ninth volume of the Microsoft Security Intelligence Report

SDL Regex Fuzzer

SDL Regex Fuzzer is a tool to help test regular expressions for potential denial of service vulnerabilities.

Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

Microsoft® Windows® Malicious Software Removal Tool (KB890830)

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

Privacy in the Cloud Computing Era: A Microsoft Perspective

Microsoft’s perspective on cloud computing and privacy. (US English)

Cloud Computing Security Considerations

This paper provides a high-level discussion of the fundamental challenges and benefits of cloud computing security, and raises some of the questions that cloud service providers and organisations using cloud services need to consider when evaluating a new move, or expansion of existing services, to the cloud.

Security in Cloud Computing - A Microsoft Perspective

This paper examines, at a high level, the changes that this evolution will likely bring to computer security and includes benefits as well as challenges.

How Microsoft Reduces Operational Risk through Business Continuity Management

Business Continuity Management (BCM) equips Microsoft IT with operational intelligence to enhance their decision-making processes, manage risk, and gain a competitive advantage in preparation for adverse situations. Microsoft IT implements BCM frameworks within the company to ensure maximum employee safety and continued critical business processes and system availability with the goal of minimizing adverse impacts to Microsoft employees, customers, partners, and stakeholders.

Forefront Unified Access Gateway (UAG) Server Pack One (SP1) Release Candidate (RC)

The release candidate version of Forefront Unified Access Gateway (UAG) Server Pack One (SP1) provides a number of new features, including support for publishing ADFS 2.0; an improved Forefront UAG DirectAccess experience; one-time password (OTP) authentication for DirectAccess clients, and integration of Forefront UAG Update 1 and Update 2.

Microsoft Junk E-mail Reporting Add-in for Microsoft Office Outlook®

The Junk E-mail Reporting Tool lets you directly report junk e-mail to Microsoft and its affiliates for analysis to help us improve the effectiveness of our junk e-mail filtering technologies.


Security Webcast Calendar

Find security webcasts listed in an easy-to-use calendar format.

Upcoming Security Webcasts

Register for the following Webcasts on the link above

TechNet Webcast: Information About Microsoft November Security Bulletins (Level 200)

Wednesday, November 10, 2010 10:00 A.M.-11:30 A.M. Pacific Time

TechNet Webcast: Using the Microsoft Security Intelligence Report v9 (Level 200)

Monday, November 01, 2010 10:00-11:00 A.M. Pacific Time

On-Demand Security Webcasts

Visit TechNet Spotlight

Video on Demand, Video Downloads, PowerPoint Presentations, Audio and more