September 2011 - Technical Rollup Mail–Security


What is Security Science? Explore the proactive work that Microsoft's Trustworthy Computing group is conducting to help provide more secure, private, and reliable computing experiences for the individuals and companies who power today's computing ecosystem.


Global Cyber Supply Chain Management Microsoft recently published two white papers that expand on the principles outlined by Scott Charney, Microsoft's corporate vice president of Trustworthy Computing, in his recent keynote address at the East-West Institute's Second Worldwide Cybersecurity Summit in London:

Cybersecurity Report: 84% Believe Risk is Higher than One Year Ago Gain valuable insight into how experts from around the world view the cybersecurity challenge and learn about the practical steps they pursue for everything from securing the undersea cables that carry over 99% of intercontinental Internet traffic to ensuring emergency communications after disasters.

Microsoft Security Bulletin Summary for August, 2011

Security Bulletin Overview for August 2011

Microsoft Security Response Center (MSRC) Blog Post

Windows Media Video (WMV)

Windows Media Audio (WMA)

iPod Video (MP4)

MP3 Audio

High Quality WMV (2.5 Mbps)

Zune Video (WMV)

Microsoft Product Lifecycle Information

Find information about your particular products on the Microsoft Product Lifecycle Web site

See a List of Supported Service Packs

Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.

Follow the Microsoft Security Response team on Twitter @MSFTSecResponse for the latest information on the threat landscape.


Security Tip of the Month: Lync Edge Server Security While Microsoft Lync Server 2010 uses many standard security measures, you can configure it for additional levels of protection. Get guidance on enforcing network isolation, designing firewall rules, bracing for denial of service (DoS) attacks, and more.

Microsoft Security Compliance Manager Assess, configure, and manage all your organization's security baselines in one centralized location. The Security Compliance Manager (SCM) tool provides security configuration recommendations from Microsoft, centralized security baseline management features, a baseline portfolio, customization capabilities, and security baseline export flexibility to accelerate your organization's ability to efficiently manage the security and compliance process for the most widely used Microsoft products.

Data Classification Toolkit for Windows Server 2008 R2 Get the help you need to properly identify, classify, and protect data across targeted file servers in your organization with the Data Classification Toolkit for Windows Server 2008 R2. This toolkit also provides classification and rule examples to help you build and deploy policies to protect critical information in a cost-effective manner.

SDL Threat Modeling Tool 3.1.8 A core element the Microsoft Security Development Lifecycle (SDL), this tool helps development teams define a product's default and maximum attack surface during the design phase and helps reduce the likelihood for exploitation. Download it today and get additional guidance on threat modeling with the Microsoft SDL Starter Kit.

MiniFuzz File Fuzzing Tool Download this basic testing tool to help detect code flaws that may expose security vulnerabilities in file-handling code. This tool creates multiple random variations of file content and feeds it to the application to exercise the code in an attempt to expose unexpected and potentially insecure application behaviors.


MiniFuzz basic file fuzzing tool

MiniFuzz is a very simple fuzzer designed to ease adoption of fuzz testing by non-security people who are unfamiliar with file fuzzing tools or have never used them in their current software development processes.

SDL Threat Modeling Tool 3.1.8

The SDL Threat Modeling Tool helps engineers analyze the security of their systems to find and address design issues early in the software lifecycle.

Data Classification Toolkit for Windows Server 2008 R2

This Solution Accelerator is designed to help enable an organization to identify, classify, and protect data on their file servers. The out-of-the-box classification and rule examples help organizations build and deploy their policies to protect critical information.

Active Directory Certificate Services (AD CS)

This download center location contains information related to administering Active Directory Certificate Services (AD CS)


Security Webcast Calendar

Find security webcasts listed in an easy-to-use calendar format.

Upcoming Security Webcasts

Register for the following Webcasts on the link above

TechNet Webcast: Information about Microsoft Security Bulletins for September (Level 200)

Wednesday, September 14, 2011 11:00 A.M.-12:00 P.M. Pacific Time

On-Demand Security Webcasts

Visit TechNet Spotlight:

Video on Demand, Video Downloads, PowerPoint Presentations, Audio and more