September 2011 - Technical Rollup Mail–Security
What is Security Science? http://technet.microsoft.com/en-gb/edge/Video/hh269932.aspx Explore the proactive work that Microsoft's Trustworthy Computing group is conducting to help provide more secure, private, and reliable computing experiences for the individuals and companies who power today's computing ecosystem.
Global Cyber Supply Chain Management http://blogs.technet.com/b/security/archive/2011/07/26/global-cyber-supply-chain-management.aspx Microsoft recently published two white papers that expand on the principles outlined by Scott Charney, Microsoft's corporate vice president of Trustworthy Computing, in his recent keynote address at the East-West Institute's Second Worldwide Cybersecurity Summit in London:
- "Cyber Supply Chain Risk Management: Toward a Global Vision of Transparency and Trust" presents a set of key principles to enable governments and vendors to manage supply chain risk more effectively, and articulates the need for broad agreement.
- "Toward A Trusted Supply Chain: A Risk-Based Approach to Managing Software Integrity" provides a framework for the pragmatic assessment of Software Integrity risk management practices in the product development process and online services operations.
Cybersecurity Report: 84% Believe Risk is Higher than One Year Ago https://blogs.technet.com/b/security/archive/2011/08/05/cybersecurity-report-84-believe-risk-is-higher-than-1-year-ago.aspx Gain valuable insight into how experts from around the world view the cybersecurity challenge and learn about the practical steps they pursue for everything from securing the undersea cables that carry over 99% of intercontinental Internet traffic to ensuring emergency communications after disasters.
Microsoft Security Bulletin Summary for August, 2011
Security Bulletin Overview for August 2011
Microsoft Security Response Center (MSRC) Blog Post http://go.microsoft.com/?linkid=9683067
Windows Media Video (WMV) http://go.microsoft.com/?linkid=9683068
Windows Media Audio (WMA) http://go.microsoft.com/?linkid=9683069
iPod Video (MP4) http://go.microsoft.com/?linkid=9683070
MP3 Audio http://go.microsoft.com/?linkid=9683071
High Quality WMV (2.5 Mbps) http://go.microsoft.com/?linkid=9683072
Zune Video (WMV) http://go.microsoft.com/?linkid=9683073
Microsoft Product Lifecycle Information
Find information about your particular products on the Microsoft Product Lifecycle Web site http://go.microsoft.com/?linkid=9669804
See a List of Supported Service Packs http://go.microsoft.com/?linkid=9669805
Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.
Follow the Microsoft Security Response team on Twitter http://go.microsoft.com/?linkid=9739346 @MSFTSecResponse for the latest information on the threat landscape.
Security Tip of the Month: Lync Edge Server Security http://technet.microsoft.com/en-gb/magazine/hh272676.aspx While Microsoft Lync Server 2010 uses many standard security measures, you can configure it for additional levels of protection. Get guidance on enforcing network isolation, designing firewall rules, bracing for denial of service (DoS) attacks, and more.
Microsoft Security Compliance Manager http://technet.microsoft.com/en-gb/solutionaccelerators/cc835245.aspx Assess, configure, and manage all your organization's security baselines in one centralized location. The Security Compliance Manager (SCM) tool provides security configuration recommendations from Microsoft, centralized security baseline management features, a baseline portfolio, customization capabilities, and security baseline export flexibility to accelerate your organization's ability to efficiently manage the security and compliance process for the most widely used Microsoft products.
Data Classification Toolkit for Windows Server 2008 R2 http://www.microsoft.com/download/en/details.aspx?id=27123 Get the help you need to properly identify, classify, and protect data across targeted file servers in your organization with the Data Classification Toolkit for Windows Server 2008 R2. This toolkit also provides classification and rule examples to help you build and deploy policies to protect critical information in a cost-effective manner.
SDL Threat Modeling Tool 3.1.8 http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=2955 A core element of the Microsoft Security Development Lifecycle (SDL), this tool helps development teams define a product's default and maximum attack surface during the design phase and helps reduce the likelihood of exploitation. Download it today and get additional guidance on threat modeling with the Microsoft SDL Starter Kit.
MiniFuzz File Fuzzing Tool http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=21769 Download this basic testing tool to help detect code flaws that may expose security vulnerabilities in file-handling code. This tool creates multiple random variations of file content and feeds it to the application to exercise the code in an attempt to expose unexpected and potentially insecure application behaviors.
MiniFuzz basic file fuzzing tool
MiniFuzz is a very simple fuzzer designed to ease adoption of fuzz testing by non-security people who are unfamiliar with file fuzzing tools or have never used them in their current software development processes.
SDL Threat Modeling Tool 3.1.8
The SDL Threat Modeling Tool helps engineers analyze the security of their systems to find and address design issues early in the software lifecycle.
Data Classification Toolkit for Windows Server 2008 R2
This Solution Accelerator is designed to help enable an organization to identify, classify, and protect data on their file servers. The out-of-the-box classification and rule examples help organizations build and deploy their policies to protect critical information.
Active Directory Certificate Services (AD CS)
This download center location contains information related to administering Active Directory Certificate Services (AD CS).
Security Webcast Calendar
Find security webcasts listed in an easy-to-use calendar format.
Upcoming Security Webcasts
Register for the following webcasts at the link above.
Wednesday, September 14, 2011 11:00 A.M.-12:00 P.M. Pacific Time
On-Demand Security Webcasts
Visit TechNet Spotlight: www.microsoft.com/technetspotlight
Video on Demand, Video Downloads, PowerPoint Presentations, Audio and more