July 2008 – Technical Rollup Mail – Security


Security Compliance Management Toolkit Now Available http://go.microsoft.com/?linkid=9069633

This toolkit provides you with best practices for planning, deploying, monitoring, and remediating a security baseline for your organization. The toolkit offers a proven method that you can use to effectively monitor the compliance state of a security baseline for the Windows Vista, Windows XP with Service Pack 2 (SP2), and Windows Server 2003 with SP2 operating systems.


Introducing the Microsoft Forefront Integration Kit for Network Access Protection http://go.microsoft.com/?linkid=9069634

Microsoft Forefront Client Security and Network Access Protection together provide an additional defense-in-depth layer against malicious attacks and give administrators a significant degree of control over the security and health of networked computers. This kit includes a Forefront Client Security system health agent (SHA) and system health validator (SHV) Deployment Guide, SHV and SHA components for 32-bit and 64-bit platforms, and supplementary materials.


Try System Center Mobile Device Manager 2008 Today http://go.microsoft.com/?linkid=9069635

Download the 120-day trial software to see firsthand how Microsoft System Center Mobile Device Manager 2008 with the Windows Mobile 6.1 operating system can help to improve mobile device security, simplify management, and lower costs.


Beta Opportunity: Forefront Security for Office Communications Server  http://go.microsoft.com/?linkid=9069636

Microsoft Forefront Security for Office Communications Server provides fast and effective protection against IM-based malware by including multiple scanning engines from industry-leading security partners and helps reduce corporate liability by blocking IM messages containing inappropriate content. Download the beta and try it for yourself.


MS08-030 Re-released for Windows XP SP2 and SP3 http://www.microsoft.com/technet/security/Bulletin/MS08-030.mspx

This security update resolves a privately reported vulnerability in the Bluetooth stack in Windows that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This security update is rated Critical for all supported editions of Windows XP and Windows Vista.


Security Advisory 954474: Deployment Issue affecting System Center Configuration Manager 2007 servers with SMS 2003 http://www.microsoft.com/technet/security/advisory/954474.mspx

Microsoft has completed the investigation into public reports of a non-security issue that affects environments with all supported versions of System Center Configuration Manager 2007 that deploy updates to Systems Management Services (SMS) 2003 clients. Microsoft has confirmed those reports and has released an update to correct this issue under Microsoft Knowledge Base Article 954474. Microsoft encourages customers affected by this issue to review and install this update.


Microsoft Security Bulletin Summary for June, 2008



Search for previous security bulletins http://go.microsoft.com/?linkid=3992478


Security Bulletin Feed http://go.microsoft.com/?linkid=3992479 RSS http://go.microsoft.com/?linkid=3992480



Explore the Security Development Lifcycle (SDL) http://msdn.microsoft.com/en-us/security/cc448177.aspx  

The Microsoft Security Development Lifecycle (SDL) is the industry-leading software security assurance process. A Microsoft-wide initiative and a mandatory policy since 2004, SDL has played a critical role in embedding security and privacy into Microsoft software and culture. Combining a holistic and practical approach, SDL introduces security and privacy early and throughout the development process. It has led Microsoft to measurable and widely recognized security improvements in flagship products such as Windows Vista and SQL Server. As part of its commitment to supporting a more secure and trustworthy computing ecosystem, Microsoft is making SDL process guidance, tools and training available for every developer.


Windows Server 2008 in an Organization’s Defense-in-Depth Strategy http://go.microsoft.com/?linkid=9069637

Get an overview of the different security features and enhancements in Windows Server 2008 and learn how you can use them in your organization's defense-in-depth strategy.


Application Lockdown with Software Restriction Policies  http://go.microsoft.com/?linkid=9069638

When you want to reduce the total cost of ownership of the workstations in your organization, application lockdown can be a great help, helping you to limit IT issues related to unsupported applications. See how you can use software restriction policies and Group Policy to control the applications that are run throughout your IT infrastructure.


Windows Vista Security Policy Settings http://go.microsoft.com/?linkid=9069639

Security policy settings are among the settings that are contained in Group Policy objects (GPOs) in Windows Vista. Learn about the new security policy settings for Windows Vista and about those that have changed from Windows XP.


Why Physical Security Is Important http://go.microsoft.com/?linkid=9069640

The physical security of your server computers is an important but often overlooked part of the entire security checklist. Read this article for reminders on how to help prevent unauthorized personnel from gaining access to the physical computers, as well as for tips and tricks.


Plan Security Hardening for Extranet Environments http://go.microsoft.com/?linkid=9069641

Learn about the hardening requirements for an extranet environment in which a Microsoft Office SharePoint Server 2007 server farm is placed inside a perimeter network and content is available from the Internet or from the corporate network.


Network Access Protection in Configuration Manager 2007 http://go.microsoft.com/?linkid=9069642

The Microsoft System Center Configuration Manager 2007 Network Access Protection (NAP) feature provides a set of tools and resources that can enforce compliance of software updates on client computers to help protect the integrity of your enterprise network. Get detailed information about planning, configuring, managing, monitoring, and troubleshooting NAP.


Validating ASP.NET Query Strings http://go.microsoft.com/?linkid=9069643

The query string is a potential vehicle for attack on pages that have security holes. The QueryString module presented in this article requires no coding in source pages and automatically checks the posted query string against a given schema that is saved in a separate XML file. This means there’s one more built-in barrier against attackers but with zero impact on existing code.


Payment Card Industry Data Security Standard Compliance Planning Guide http://go.microsoft.com/?linkid=9069644

Intended for merchants who accept payment cards, financial institutions that process payment card transactions, and service providers—third-party companies that provide payment card processing or data storage services—this guide is designed to help organizations meet Payment Card Industry Data Security Standard (PCI DSS) requirements.


Read our Microsoft Security Intelligence Report - Volume 4 (July through December 2007): http://go.microsoft.com/fwlink/?LinkId=116450

The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Each individual report focuses on data and trends observed in either the first or second half of each calendar year and uses historical data to provide context. The purpose of the SIR is to keep Microsoft’s customers informed of the major trends in the threat landscape and to provide valuable insights and security guidance designed to help customers improve their security posture in the face of these threats.


How Microsoft Deployed and Manages Microsoft Forefront Client Security http://www.microsoft.com/downloads/details.aspx?FamilyID=4664e8b7-5eca-4ea1-ae69-898f9d6503bc

Microsoft IT details the planning, deployment, and ongoing management of the largest currently deployment of Forefront Client Security with a supported node population of 40,000.


WFAS Design Guide http://www.microsoft.com/downloads/details.aspx?FamilyID=e4a6d0d6-c8c3-414a-ad61-abce6889449d

This guide helps you design Windows Firewall with Advanced Security settings and rules that meet your goals for network security.


Ministry of Foreign Affairs of Denmark Windows Vista Deployment Case Study http://www.microsoft.com/downloads/details.aspx?FamilyID=53c5f76e-bc26-46c0-8658-5da0dc2f988a

When the Danish Foreign Ministry selected Windows Vista® Enterprise as its new IT platform, the IT pros involved knew that deployment would present challenges—just as the deployment of other operating systems had in the past. This case study explores the problems encountered and the solutions created to ensure a successful deployment.



Security Tools: Assess vulnerabilities and strengthen security with these tools and technologies http://technet.microsoft.com/en-gb/security/cc297183.aspx


Federal Information Processing Standard (FIPS) 140-2 support for WLAN on Microsoft Windows Vista Service Pack 1/ Windows Server 2008

Helps users configure the FIPS 140-2 cryptography mode for wireless client computers running Microsoft Windows Vista Service Pack 1 with manageability support on Microsoft Windows Server 2008


Extended Security Update Inventory Tool http://www.microsoft.com/downloads/details.aspx?FamilyID=2c93da1d-48a0-4e5c-991f-87e08954f61b

The Extended Security Update Inventory Tool is used to detect security bulletins not covered by MBSA including MS04-028, February 2005 bulletins, and future security bulletins that are exceptions to MBSA.


Windows Malicious Software Removal Tool x64 http://www.microsoft.com/downloads/details.aspx?FamilyID=585d2bde-367f-495e-94e7-6349f4effc74

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.


Windows Malicious Software Removal Tool http://www.microsoft.com/downloads/details.aspx?FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.


SCAP Conversion Tool for DCM http://www.microsoft.com/downloads/details.aspx?FamilyID=22e5b9a0-fa7b-4d43-bcea-7084ae6f40f5

The SCAP Conversion Tool for DCM converts Security Content Automation Protocol (SCAP) files into DCM Configuration Packs and indicates gaps in a log file that can result from the conversion process. Use the Configuration Packs in combination with the desired configuration management (DCM) feature in Microsoft System Center Configuration Manager 2007 to monitor compliance with the SCAP baseline.


Security Compliance Management http://www.microsoft.com/downloads/details.aspx?FamilyID=5534bee1-3cad-4bf0-b92b-a8e545573a3e

The toolkit provides best practices from Microsoft about how to plan, deploy, monitor, and remediate a security baseline. The toolkit includes 12 Configuration Packs that you can use with the desired configuration management (DCM) feature in Microsoft® System Center Configuration Manager 2007 to monitor Windows Vista®, Windows® XP Service Pack 2 (SP2), and Windows Server® 2003 SP2.


Microsoft Security Assessment Tool http://www.microsoft.com/downloads/details.aspx?FamilyID=6d79df9c-c6d1-4e8f-8000-0be72b430212

The Microsoft Security Assessment Tool (MSAT) is a risk-assessment application designed to provide information and recommendations about best practices for security within an information technology (IT) infrastructure.


Forefront-NAP Integration Kit http://www.microsoft.com/downloads/details.aspx?FamilyID=b3c592b4-e78f-4d2c-860b-a001b9e6d26c

This Solution Accelerator provides a way for two Microsoft technologies to work together: Forefront Client Security and Network Access Protection (NAP).


Win Server 2008 Security Configuration Wizard and SC Config Mgr 2007 SP1 http://www.microsoft.com/downloads/details.aspx?FamilyID=8a08a66b-ea5b-423f-9c5d-04205f5a25ef

Use the Configuration Manager Security Configuration Wizard template to add the Microsoft® Configuration Manager 2007 SP1 site systems to the Windows Server 2008 Security Configuration Wizard (SCW).


Forefront™ Codename "Stirling" VHDs http://www.microsoft.com/downloads/details.aspx?FamilyID=d4c3410f-11f0-42b8-9da7-b826d243536b

This download comes as pre-configured VHDs. This download enables you to evaluate Microsoft Forefront Codename "Stirling".


June 2008 Security Releases ISO Image http://www.microsoft.com/downloads/details.aspx?FamilyID=0b6c5f73-e661-4b2f-8aca-d90f4179f39f

This DVD5 ISO image file contains the security updates for Windows released on Windows Update on June 10th, 2008.



TechNet Webcast: Information About Microsoft July Security Bulletins (Level 200)


Wednesday, July 09, 2008 11:00 A.M.-12:00 P.M. Pacific Time


TechNet Webcast: How Microsoft does IT: Structured Active Directory Schema Management at Microsoft (Level 300)


Tuesday, July 15, 2008 9:30 A.M.-10:30 A.M. Pacific Time


Visit TechNet Spotlight: www.microsoft.com/technetspotlight   

Video on Demand, Video Downloads, PowerPoint Presentations, Audio and more


Microsoft Security Webcast Series: Upcoming and On-Demand


Security Webcast Calendar http://go.microsoft.com/fwlink/?LinkId=37910 

Find security webcasts listed in an easy-to-use calendar format.


Upcoming Security Webcasts



Register for the following Webcasts on the link above



On-Demand Security Webcasts




Security MVP of the Month: Alberto Oliveira http://go.microsoft.com/?linkid=9069645

Alberto Oliveira is an experienced information security consultant with more than 10 years in the industry. He holds numerous certifications including MCSA/MCSE Security 2000 and 2003, MCT, MCP in Microsoft Internet Security and Acceleration (ISA) Server 2000 and ISA Server 2004, CompTIA professional Security+, and Symantec SCTA. Alberto currently works for Microsoft Gold Certified Partner Lanlink and is an active member in the TechNet forums. He also participates in sessions related to security and ISA Server at numerous events.


MVP Article of the Month: Defense in Depth Using Microsoft Security Products and Solutions http://go.microsoft.com/?linkid=9069647

By Alberto Oliveira, Microsoft Forefront MVP and Yuri Diogenes, Security Support Engineer, Microsoft ISA and IAG Team Achieving security without sacrificing usability, flexibility, and connectivity from anywhere is one of the biggest challenges that companies face today. This article looks at in-depth defense strategy from the perspective of the most important layers of security and indicates which products Microsoft provides to help make networks, applications, and data more secure.


IT Pro Security Community http://go.microsoft.com/?linkid=8891864

Security Newsgroups http://go.microsoft.com/?linkid=8891865

Related Communities http://go.microsoft.com/?linkid=8891866


Sign up for the Security Newsletter http://go.microsoft.com/?linkid=8687612

Visit the TechNet Security Centre http://go.microsoft.com/?linkid=8687613


Comments (0)

Skip to main content