May 2008 – Technical Rollup Mail – Security



Building Security into Windows Vista and the Microsoft Culture

By Michael Howard, Principal Security Program Manager, Microsoft Corporation

At the end of the day, you improve security by focusing on security. Explore how — and, more importantly, why — the Security Development Lifecycle (SDL) has resulted in a reduction in vulnerabilities across major Microsoft products, including Windows Vista.


Security Tip of the Month: Laying the Foundation for the Microsoft Security Development Lifecycle: Implementing the Principles

By Jeremy Dallman, Security Program Manager, Microsoft Security Engineering & Communications

Learn how to establish a baseline architectural understanding of your application security, one that identifies critical weaknesses and provides enough evidence to support the decision to move forward with a full SDL adoption.


Microsoft Security Development Lifecycle (SDL) – Detailed Process Guidance Now Available!

As part of its commitment to a more secure and trustworthy computing ecosystem, Microsoft is making the details of the SDL process generally available online for the first time. IT policy makers and software development organizations can leverage this content to enhance and inform their own software security and privacy assurance programs.


News from RSA: Microsoft’s Vision for a More Trusted Internet

Read Microsoft’s End to End Trust whitepaper and join an online discussion forum about building a more secure and privacy enhanced Internet.


Try System Center Mobile Device Manager Today

See firsthand how Microsoft System Center Mobile Device Manager with Windows Mobile 6.1 can help improve mobile device security, simplify management, and lower costs. Download the 120-day Trial Evaluation software.


Forefront Codename “Stirling” Beta Now Available for Download

Microsoft Forefront codename “Stirling” is an integrated security system that delivers comprehensive, coordinated protection across endpoints, server applications, and the network edge. It provides simplified management and critical visibility that make security easier to manage and control. Register today and you’ll automatically receive access to valuable beta resources throughout the evaluation experience.


Evaluate Microsoft Security Products and You Could Win a Windows Home Server

Download a free trial or take a virtual lab of Forefront Client Security, Forefront Security for Exchange Server, or Forefront Security for SharePoint and be entered for a chance to win great prizes. Find out more at Evalu’08.


Microsoft Security Bulletin Summary for April, 2008 


Search for previous security bulletins 


Security Bulletin Feed  RSS




Improve Security through Meaningful Security Policies

This article discusses how policies are designed to control human risk factors, the reasons why policies sometimes fail, and best practices for effective security policies.


The Security Risk Management Guide

This guide helps you plan, build and maintain a successful security risk management programme. In a four-phase, technology-agnostic process, the guide explains how to build an ongoing process to measure and drive security risks to an acceptable level.


Lessons Learned from Five Years of Building More Secure Software

Learn about prioritizing code by age, using analysis tools and automation, looking at threats from multiple angles, and the importance of education.


Eight Simple Rules for Developing More-Secure Code

This article presents a list of habits shared by developers of secure code. From taking responsibility to using the best tools available, these habits can help make you a more secure developer.


Protecting Your Code with Visual C++ Defenses

Read about some of the buffer overrun defenses available in Visual C++ 2005 and beyond.


Discover HelloSecureWorld

HelloSecureWorld provides a powerful experience for promoting security awareness and education in the developer community by surfacing existing content as well as new.




Security White Papers

Security white papers that address the specific security needs of particular industries, such as the professional services and financial services industries.


Microsoft Forefront Client Security BPA

Best Practices Analyzer for FCS v1.0


Security Features in Microsoft Online

This white paper describes how the Microsoft concern for security, as defined in the Trustworthy Computing initiative, has driven key features in the design, deployment, and operation of the Microsoft Online Services environment.


Ensuring Security Baseline Compliance using DCM

The Security Compliance Management Beta provides authoritative, supportable tools and prescriptive guidance to help organizations conduct and validate security compliance checks against established baselines from Microsoft.


Starter Group Policy Objects (GPOs)

Starter Group Policy objects (GPOs), introduced in Group Policy for Windows Server 2008, are collections of configured Administrative template (.admx) policy settings that you can use to create a live GPO. Each of the two packages in this download contains four starter GPOs.


Update for Microsoft Office Outlook 2007 Junk Email Filter (KB949037)


Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64


Microsoft® Windows® Malicious Software Removal Tool (KB890830)


Update for Windows Mail Junk E-mail Filter for x64-based Systems [April 2008] (KB905866)


Microsoft® Forefront™ codename “Stirling” Beta

Microsoft® Forefront™ codename “Stirling” is an integrated security system that delivers comprehensive, coordinated protection across endpoints, messaging and collaboration servers and the network edge that is easier to manage and control.


Extended Security Update Inventory Tool

The Extended Security Update Inventory Tool is used to detect security bulletins not covered by MBSA including MS04-028, February 2005 bulletins, and future security bulletins that are exceptions to MBSA.


April 2008 Security Releases ISO Image

This DVD5 ISO image file contains the security updates for Windows released on Windows Update on April 8th, 2008.


Security Development Lifecycle (SDL) Guidance


Windows Server 2008 Security & Compliance Technologies


Microsoft Forefront Security for SharePoint with Service Pack 2

Forefront Security for SharePoint with Service Pack 2 helps businesses protect their Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0 collaboration environments by eliminating documents containing malicious code, confidential information, and inappropriate content.


Security audit events for Microsoft Windows Server 2008 and Microsoft Windows Vista

A list of all security audit events for Windows Server 2008 and Windows Vista.


Public Key Infrastructure (PKI) for Security Solutions Datasheet

This offering uses the customer’s existing investments in Microsoft technologies to create an internal PKI solution that corresponds to the customer’s needs.


Foundation Network Companion Guide: Deploying Computer and User Certificates

This companion guide to the Foundation Network Guide provides instructions for deploying client computer and user certificates with Active Directory Certificate Services (AD CS).


Identity Lifecycle Management (ILM) Datasheet

This offering uses Microsoft Identity Integration Server (MIIS) 2003 and best practices to simplify digital identity management and maintain data integrity.


Microsoft Security Intelligence Report (July – December 2007)


Implementing and Administering Certificate Templates in Windows Server 2008

This document provides concepts, procedures, and best practices for designing, administering, and implementing certificate templates.


Internet Security and Acceleration (ISA) Server 2006 180-Day Trial Version

ISA Server 2006 is the integrated edge security gateway that helps protect your IT environment from Internet-based threats while providing your users with fast and secure remote access to applications and data. ISA Server 2006 is available for download in both Standard Edition and Enterprise Edition.


BitLocker Recovery Password Viewer for Active Directory Users and Computers tool

The BitLocker Active Directory Recovery Password Viewer helps to locate BitLocker Drive Encryption recovery passwords for Windows Vista-based or Windows Server 2008-based computers in Active Directory Domain Services (AD DS).


BitLocker Repair Tool

The BitLocker Repair Tool can assist administrators in recovering data from a corrupted or damaged disk volume that was encrypted with BitLocker.


Group Policy Documentation Survival Guide

This document provides links to documentation and other technical information for Group Policy in Windows Server 2008.


BitLocker Drive Preparation Tool

The BitLocker Drive Preparation Tool configures the hard disk drives in your computer properly to support enabling BitLocker.


Microsoft Exchange Server 2007 Protocol Documentation

The Microsoft Exchange Server 2007 Protocol technical documentation set provides technical specifications for Microsoft protocols, and Microsoft extensions to industry-standard or other published protocols that are implemented and used in Microsoft Exchange Server 2007.




Microsoft Security Webcast Series: Upcoming and On-Demand


Security Webcast Calendar 

Find security webcasts listed in an easy-to-use calendar format.


Upcoming Security Webcasts 


Register for the following webcasts using the link above:


TechNet Webcast: Information About Microsoft May Security Bulletins (Level 200)

Wednesday, May 14, 2008 11:00 A.M.-12:00 P.M. Pacific Time


IT Manager Webcast: How Microsoft IT Does Patch Management (Level 200)

Thursday, May 22, 2008 11:30 A.M.-12:30 P.M. Pacific Time


TechNet Webcast: Managing Windows Server 2008 with Server Manager (Level 200)

Thursday, May 22, 2008 11:30 A.M.-12:30 P.M. Pacific Time


IT Manager Webcast: How Microsoft IT does Secure Application Development (Level 200)

Thursday, May 29, 2008 11:00 A.M.-12:00 P.M. Pacific Time


On-Demand Security Webcasts  




Sign up for the Security Newsletter

Visit the TechNet Security Centre

