September 2006 - Technical Rollup Mail - Security
News
Messaging and Collaboration: Security Challenges and Solutions https://go.microsoft.com/?linkid=5394377
By Ryan McGee, Senior Security Product Manager, Microsoft Corporation
The typical business work force today is both mobile and collaborative. This article discusses the importance of a defence-in-depth strategy, which involves the use of multiple security technologies at multiple points in the network to reduce the overall probability that attacks can exploit business-critical resources or that information can be leaked outside the business.
Microsoft Completes Acquisition of Whale Communications https://go.microsoft.com/?linkid=5394378
Microsoft announced the completion of its acquisition of Whale Communications, a leader in Secure Sockets Layer virtual private network (SSL VPN) technology. The deal is particularly relevant for Microsoft Internet Security and Acceleration (ISA) Server users dealing with multiple remote-access security scenarios. To mark the close of the deal, Microsoft is providing a special price promotion for all current and new customers.
Forefront Security for Exchange Server Beta Now Available https://go.microsoft.com/?linkid=5394379
Microsoft Forefront Security for Exchange Server is the next version of Microsoft Antigen for Exchange and the first product available under the Microsoft Forefront business security product brand. The solution integrates tightly with Microsoft Exchange Server 2007 to provide advanced protection against e-mail threats, optimized server performance, and centralized management. Download the Forefront Security for Exchange Server beta today.
Exchange Server 2007 Beta 2 Available for Download https://go.microsoft.com/?linkid=5394381
Exchange Server 2007 Beta 2 is now available. It offers built-in features to help protect against spam and viruses as well as improvements that provide people in your organization with anywhere access to e-mail, voice mail, calendars, and contacts from a range of devices. Download or order the beta today, or visit the Exchange Server TechCenter to learn more.https://go.microsoft.com/?linkid=5394382
Windows Vista Security Blog https://go.microsoft.com/?linkid=5394383
Get the latest updates from the product team on what will make Windows Vista the most secure version of Windows yet. This blog, which features Security Technology Unit Corporate VP Ben Fathi, will make you aware of how Windows Vista is more secure, keep you updated on the latest developments, and give you a behind-the-scenes look at the development process from the people building the product.
Microsoft Windows Vista Security Advancements https://go.microsoft.com/?linkid=5394384
Microsoft has produced a white paper and on-demand video detailing the security advancements made in Windows Vista.
Learning Paths for Security: Reinforcing Perimeter Defense https://go.microsoft.com/?linkid=5244927
Learn about the latest integrated edge security technology and best practices for designing your perimeter network. We also provide insight on implementing perimeter defence, securing your Microsoft application infrastructure, improving your branch-office gateway environment, and delivering Web-access protection to help safeguard your IT environment from Internet-based threats. Included in this discussion is an in-depth preview of Internet Security and Acceleration (ISA) Server 2006, currently in beta.
New TechNet Magazine Now Available https://go.microsoft.com/?linkid=5394385
The new UK version of the TechNet Magazine is available for you to read! This new UK publication contains in-depth technical articles by the very best technical writers around, many of whom are consultants working with Microsoft in product development and testing. The new TechNet Magazine (UK edition) is truly the inside track on all things Microsoft. Subscribe now to receive your free copy of TechNet Magazine.
... And finally a bit of FUN - TechNet Search Supremo Quiz!! https://go.microsoft.com/?linkid=5394386
Do you know all there is to know about technology? Can you beat Search Supremo, the TechNet search champion? There are some great prizes up for grabs!
Microsoft Security Bulletin Summary for August, 2006
https://www.microsoft.com/technet/security/bulletin/ms06-aug.mspx
Search for previous security bulletins https://go.microsoft.com/?linkid=3992478
Security Bulletin Feed https://go.microsoft.com/?linkid=3992479 RSS https://go.microsoft.com/?linkid=3992480
Developer
Protecting Against Pointer Subterfuge (Redux) https://go.microsoft.com/?linkid=5393186
Learn about changes in the algorithm used in Windows Vista to encode and decode long-lived pointers in memory to make them harder to exploit after a buffer overrun.
Security Briefs: Security in WCF https://go.microsoft.com/?linkid=5228466
Windows Communication Foundation provides three major protections confidentiality, integrity, and authentication. This month Keith Brown explains what they can do for you.
The .NET Developer's Guide to Identity https://go.microsoft.com/?linkid=5228467
A roadmap for developers and architects who want to learn how to build identity-aware applications on the Windows platform. From authentication and authorization to federated identity, you'll discover techniques that can be used today and in the future.
Back from Black Hat https://go.microsoft.com/?linkid=5393187
“Microsoft Dynamics Writing Secure X++ Code" Paper Now Available https://go.microsoft.com/?linkid=5393188
An Introduction to Kernel Patch Protection https://go.microsoft.com/?linkid=5393189
Windows Vista Security Testing https://go.microsoft.com/?linkid=5393190
Documents
Security Tip of the Month: Improve the Security of Remote Access to Exchange Server with RPC over HTTP https://go.microsoft.com/?linkid=5394387
One of the most compelling features of Microsoft Exchange Server 2003 when combined with Microsoft Office Outlook 2003 is the ability to use the Remote Procedure Call (RPC) over HTTP feature. This article offers a description of this feature, a checklist of the minimum server requirements, and different deployment scenarios.
Tips and Tricks Guide to Secure Messaging https://go.microsoft.com/?linkid=5394388
Improve your messaging safety and productivity. This free eBook is a valuable resource for information on messaging security innovations and solutions, and it provides strategies for defending your e-mail infrastructure.
Solution Advisor https://go.microsoft.com/?linkid=5394389
The Solution Advisor is a tool that outlines a high-level Microsoft multilayered solution for your infrastructure and messaging needs. The tool creates a customized response by using information that you provide about such factors as company size, current messaging infrastructure, and the level of control you prefer to have over your messaging.
Microsoft Exchange Server 2003 Technical Library: Security and Protection https://go.microsoft.com/?linkid=5394390
Make your Microsoft Exchange Server 2003 system more secure and help protect your messages and data using the resources and tools offered in this library.
A Guide to Exchange Disaster Recovery Planning https://go.microsoft.com/?linkid=5394391
Learn about multiple strategies for making your Exchange deployment more reliable and available. This article covers recovery strategies, running Exchange on a Windows cluster, new recovery features in Exchange Server 2007, and more.
Microsoft Antigen User Guides https://go.microsoft.com/?linkid=5394392
Get detailed technical guidance on installing and working with Microsoft Antigen Enterprise Manager, Microsoft Antigen for Exchange, Microsoft Antigen for SMTP, and Microsoft Antigen Spam Manager. These guides will teach you how features like the Antigen Spam Manager provide sophisticated and robust spam detection and removal through the integration of technologies like the SpamCure anti-spam engine from Mail-Filters.
Antigen Case Studies https://go.microsoft.com/?linkid=5394393
Find out how other companies are using Antigen to meet their e-mail and collaboration security needs.
Downloads
Small Business Security Guidance
These papers can help secure Microsoft Windows-based computers in various small business environments. Information is included about how to automatically check for updates, configuring Windows Firewall, protecting laptop and portable computers, and securing Internet Information Services (IIS) 6.0.
IT Showcase: Optimizing Client Security by Using Windows Vista
Learn how Microsoft IT deployed an early version of Windows Vista to strengthen the security of the data network and data storage, and to provide improved defenses against the threats of unauthorized access and communications.
IT Showcase: BitLocker Drive Encryption
Loss of information can be damaging to the reputation and long term survival of an organization—resulting in lost revenue, weakened competitive advantage and reduction in customer confidence.
IT Showcase: Windows Vista User Account Control
Windows Vista makes it possible for organizations to deploy a more manageable and secure desktop in which end users can run as standard users (not administrators) and still be productive. User Account Control (UAC), a new set of features in Windows Vista, helps strike a balance between the flexibility and power of an administrator account and the security of a standard user account.
IT Showcase: Explorer 7 Protected Mode
Internet Explorer 7 Protected Mode, which runs only on Microsoft Windows Vista, is part of the continuing emphasis on improved browser security in Internet Explorer.
Microsoft Antigen for SMTP Gateways with Antigen Spam Manager Beta
The Messaging Security Suite includes Antigen for Exchange, Antigen for SMTP Gateways and Antigen Spam Manager and provides server-level protection against the latest e-mail threats.
Microsoft Antigen for Exchange with Antigen Spam Manger Trial Software
The Messaging Security Suite includes Antigen for Exchange, Antigen for SMTP Gateways and Antigen Spam Manager and provides server-level protection against the latest e-mail threats.
Server and Domain Isolation Using IPsec and Group Policy
This guide provides business-oriented justification as well as technical guidance for logically isolating servers and domains from certain types of network traffic through the use of IPsec filters and Group Policy.
Microsoft Forefront Security for Exchange Server
Beta 1 Release
Help protect your Exchange server from viruses and other malware
User Guide for Microsoft Forefront Security for Exchange Server
Beta 1 Release
Help protect your Exchange server from viruses and other malware.
How to Protect Insiders from Social Engineering Threats
This guide provides security management information about the threats posed by social engineering and the defenses that are available to help resist social engineering hackers.
Approaches to Fighting Spam in an Exchange Server Environment
A technical guide designed to provide the midsize business IT Pro/Generalist with approaches to fighting spam in an Exchange Server environment.
Approaches to Fighting Spam in an Exchange Server Environment
A technical guide designed to provide the midsize business IT Pro/Generalist with approaches to fighting spam in an Exchange Server environment.
Strategies for Managing Malware Risks
This management-level security guidance is policy oriented and focuses on managing the risk/benefit equation with regard to strategies for reducing malware in midsize businesses.
How to Protect E-mail Confidentiality in Regulated Industries
This security guidance is designed for anyone who is responsible for providing e-mail services in a midsize business. The solution in this paper enables different users in a midsize business environment to communicate with each other securely.
Introduction to Windows Firewall with Advanced Security
Learn how to manage Windows Firewall in Windows Vista through the Windows Firewall with Advanced Security Microsoft Management Control (MMC) snap-in, with Netsh commands, and with Group Policy.
Security Update for Windows Vista Beta 2 and Windows Codename Longhorn Server Beta 2 (x64 Editions) (KB917422)
A security issue has been identified in the Windows Kernel that could allow an attacker to compromise your Windows-based system and gain control over it.
Security Update for Windows Vista Beta 2 and Windows Codename Longhorn Server Beta 2 (KB917422)
A security issue has been identified in the Windows Kernel that could allow an attacker to compromise your Windows-based system and gain control over it.
Security Update for Windows Vista Beta 2 and Windows Codename Longhorn Server Beta 2 (Itanium-based Systems) (KB917422)
A security issue has been identified in the Windows Kernel that could allow an attacker to compromise your Windows-based system and gain control over it.
Microsoft Windows Server Update Services 3.0 Overview
This paper introduces Microsoft® Windows Server® Update Services (WSUS) 3.0 and provides information about features, and server and client computer requirements.
Step-by-Step Guide to Getting Started with Microsoft Windows Server Update Services 3.0
This guide provides instructions for getting started with Microsoft® Windows Server™ Update Services (WSUS) 3.0.
Readme for Microsoft Windows Server Update Services 3.0
This readme file describes known issues affecting Microsoft® Windows® Server Update Services 3.0 (WSUS 3.0) and includes recommendations and requirements for installing WSUS 3.0.
August 2006 Security Releases ISO Image
These ISO-9660 CD image files contain the security updates for Windows released on Windows Update on August 8th, 2006.
Microsoft Office v. X for Mac Security Update (2006-08-08)
This update fixes product vulnerabilities in Office v. X that an attacker can use to overwrite the contents of your computer's memory with malicious code.
Microsoft® Windows® Malicious Software Removal Tool (KB890830)
This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.
August 08, 2006 Enterprise Update Scan Tool (standalone version)
Enterprise Update Scan Tool (standalone version) for detecting needed updates prescribed in the security bulletins released in August 2006. Addresses MS06-043.
Extended Security Update Inventory Tool
The Extended Security Update Inventory Tool is used to detect security bulletins not covered by MBSA including MS04-028, February 2005 bulletins, and future security bulletins that are exceptions to MBSA.
Events/WebCasts
Microsoft Security Webcast Series: Upcoming and On-Demand
Security Webcast Calendar https://go.microsoft.com/fwlink/?LinkId=37910
Find security webcasts listed in an easy-to-use calendar format.
Upcoming Security Webcasts
https://www.microsoft.com/events/security/upcoming.mspx
Register for the following Webcasts on the link above
TechNet Webcast: Agility Now (Part 02 of 10): Making Identity and Access Management a Reality (Level 200)
Wednesday, September 13, 2006, 9:30 A.M.-11:00 A.M. Pacific Time
TechNet Webcast: Information About Microsoft September Security Bulletins (Level 200)
Wednesday, September 13, 2006, 11:00 A.M.-12:00 P.M. Pacific Time
TechNet Webcast: How Microsoft IT Defends Against Spam, Viruses, and E-Mail Attacks (Level 300)
Tuesday, September 19, 2006, 9:30 A.M.-10:30 A.M. Pacific Time
TechNet Webcast: Agility Now (Part 03 of 10): Making Identity and Access Management a Reality with Successful Implementation
Wednesday, September 20, 2006, 9:30 A.M.-11:00 A.M. Pacific Time
TechNet Webcast: Introduction to Terminal Services in Windows Server Code-Named "Longhorn"
Thursday, September 21, 2006, 1:00 P.M.-2:30 P.M. Pacific Time
On-Demand Security Webcasts
https://www.microsoft.com/events/security/ondemand.mspx
This content is for informational purposes only. Microsoft makes no warranties express or implied, as to the information in this document. If you are a customer of Microsoft, please refer to the terms and conditions which cover the provision of support and consulting services to you/your organization. If you are not corresponding in the course of, or in connection with a Microsoft contract or program with its own terms and conditions, please note that no liability is accepted by Microsoft for the contents of this document.
This TRM section was created by Mark Hawkins