February 2010 – Technical Rollup Mail – Security







 


News


 


Get Windows Identity Foundation http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083153&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Windows Identity Foundation helps simplify user access for developers by externalizing user access from applications via claims and reducing development effort with prebuilt security logic and integrated .NET tools. Users can benefit through single sign-on and seamless collaboration across organizational boundaries.


 


Active Directory Federation Services 2.0 Release Candidate Available http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083154&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Efficiently deploy and manage new applications by reducing custom implementation work, helping establish a consistent security model, and facilitating seamless collaboration between organizations with automated federation tools. Active Directory Federation Services 2.0 includes built-in interoperability via open industry standards and claims, and it implements the industry Identity Metasystem vision for open and interoperable identity.


 


Download the Microsoft Federation Extensions for Windows SharePoint Services 3.0 RC http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083155&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


With this release, federate existing SharePoint deployments, including Windows SharePoint Services 3.0 and Microsoft Office SharePoint Services 2007. Using this package, enterprise SharePoint administrators can configure their deployments to trust any WS-Federation security token service (STS), such as Active Directory Federation Services 2.0, so that an enterprise can take advantage of claims and offer their services to federation partners.


 


Windows CardSpace 2.0 Beta 2 Is Here http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083156&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Windows CardSpace 2.0 is the end-user component of the Microsoft user access platform for developers and IT professionals that helps simplify access to applications and other systems with an open claims-based model. The Beta 2 release has been refreshed with a variety of fixes and improvements for working seamlessly with Active Directory Federation Services 2.0. We’ve also improved interoperability and added a feature for automatic logon to the STS.


 


New Software Security Tools for Web Developers http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083157&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Check out the Community Technical Preview releases of three new tools for Web developers. Use CAT.NET 2.0 as a command-line, single-pass data flow engine and configuration rules engine. The Web Application Configuration Analyzer 1.0 scans your development environment against best practices for .NET security configuration, IIS settings, and Microsoft SQL Server security. And with the Web Protection Library, you can easily access libraries and runtime modules including Anti-XSS that provide coverage for issues such as SQL injection and cross-site request forgery.


 


Microsoft Security Bulletin Summary for January, 2010


http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx 


 


Microsoft Product Lifecycle Information


Find information about your particular products on the Microsoft Product Lifecycle http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=12355452&s1=68628015-2ccc-cbc7-31b9-0e76c3415474 Web site.


 


See a list of supported service packs http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=12355453&s1=68628015-2ccc-cbc7-31b9-0e76c3415474: Microsoft provides free software updates for security and non-security issues for all supported service packs


 


Security Bulletin Overview for January 2010


 


Microsoft Security Response Center (MSRC) Blog Post http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083170&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Windows Media Video (WMV) http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083171&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Windows Media Audio (WMA) http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083172&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


iPod Video (MP4) http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083173&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


MP3 Audio http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083174&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


High Quality WMV (2.5 Mbps) http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083175&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Zune Video (WMV) http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083176&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


 


Forefront Edge Security


 


Forefront Unified Access Gateway (UAG) 2010 is released!


We are proud to announce that Forefront Unified Access Gateway (UAG) 2010 is Released To Manufacturing (RTM).


http://blogs.technet.com/edgeaccessblog/archive/2009/12/24/forefront-unified-access-gateway-uag-2010-is-released.aspx


 


Customer Quotes & Case Studies


See what customers have to say about using Microsoft Forefront Threat Management Gateway 2010 to meet their security needs.


http://www.microsoft.com/forefront/threat-management-gateway/en/us/case-studies.aspx


 


Forefront TMG and ISA Server


 


Forefront Edge Security TechCenter


http://technet.microsoft.com/en-gb/forefront/edgesecurity/default.aspx


Please note that if you have feedback on documentation or wish to request new documents – email isadocs@microsoft.com


 


Forefront Edge Security Community


http://technet.microsoft.com/en-gb/forefront/edgesecurity/bb687298.aspx


 


New Community Contributed Content includes:


Using Mail Protection with Exchange EdgeSync on Forefront TMG


http://technet.microsoft.com/en-gb/library/ee513174.aspx


 


Forefront TMG (ISA Server) Product Team Blog


The ISA Server Product Team Blog (http://blogs.technet.com/isablog/) is updated on a regular basis. Latest entries include:


 


Using Windows Server Update Service for the TMG Update Center


http://blogs.technet.com/isablog/archive/2009/11/28/using-windows-server-update-service-for-the-tmg-update-center.aspx


 


Announcing Discontinuation of URL Filtering for Forefront TMG Beta 3 Customers (only)


http://blogs.technet.com/isablog/archive/2009/12/06/announcing-discontinuation-of-url-filtering-for-forefront-tmg-beta-3-customers-only.aspx


 


The Whitepaper for Configuring and Troubleshooting NIS in Forefront TMG 2010 is Now Available


http://blogs.technet.com/isablog/archive/2009/12/08/the-whitepaper-for-configuring-and-troubleshooting-nis-in-forefront-tmg-2010-is-now-available.aspx


 


RRAS Ports are not created after enabling VPN on ISA Server 2006


http://blogs.technet.com/isablog/archive/2009/12/08/rras-ports-are-not-created-after-enabling-vpn-on-isa-server-2006.aspx


 


Forefront TMG 2010 Tools and SDK Update


http://blogs.technet.com/isablog/archive/2009/12/10/forefront-tmg-2010-tools-and-sdk-update.aspx


 


Reducing Kerberos requests when using KCD for web publishing.


http://blogs.technet.com/isablog/archive/2009/12/11/reducing-kerberos-requests-when-using-kcd-for-web-publishing.aspx


 


Hyper-V Update to Improve Network Stability


http://blogs.technet.com/isablog/archive/2009/12/12/hyper-v-update-to-improve-network-stability.aspx


 


Manually creating the SecurID Node Secret fails on Forefront TMG.


http://blogs.technet.com/isablog/archive/2009/12/15/manually-creating-the-securid-node-secret-fails-on-forefront-tmg.aspx


 


Closing the Forefront codename Stirling – Forefront TMG forum


http://blogs.technet.com/isablog/archive/2009/12/15/closing-the-forefront-codename-stirling-forefront-tmg-forum.aspx


 


Troubleshooting NIS was never made easier


http://blogs.technet.com/isablog/archive/2009/12/15/troubleshooting-nis-was-never-made-easier.aspx


 


How to get NLB to work with Forefront TMG when running in Hyper-V.


http://blogs.technet.com/isablog/archive/2009/12/22/How-to-get-NLB-to-work-with-Forefront-TMG-when-running-in-Hyper_2D00_V.aspx


 


RRAS Service fails to start on ISA Server 2006 when enabling RADIUS Authentication for VPN Users


http://blogs.technet.com/isablog/archive/2009/12/23/rras-service-fails-to-start-on-isa-server-2006-when-enabling-radius-authentication-for-vpn-users.aspx


 


Using Forefront TMG/ISA Server BPA for documenting your deployment


http://blogs.technet.com/isablog/archive/2009/12/24/using-forefront-tmg-isa-server-bpa-for-documenting-your-deployment.aspx


 


Forefront TMG 2010 documentation now available on TechNet


http://blogs.technet.com/isablog/archive/2009/12/29/forefront-tmg-2010-documentation-now-available-on-technet.aspx


 


Categories for URL Filtering


http://blogs.technet.com/isablog/archive/2010/01/03/categories-for-url-filtering.aspx


 


Localized versions of Forefront TMG 2010 documentation released to TechNet


http://blogs.technet.com/isablog/archive/2010/01/04/localized-versions-of-forefront-tmg-2010-documentation-released-to-technet.aspx


 


Scripting URL overrides in Forefront TMG


http://blogs.technet.com/isablog/archive/2010/01/07/scripting-url-overrides-in-forefront-tmg.aspx


 


Hardware recommendations for Forefront TMG 2010


http://blogs.technet.com/isablog/archive/2010/01/12/hardware-recommendations-for-forefront-tmg-2010.aspx


 


SCOM pack for Forefront Threat Management Gateway 2010 has been released


http://blogs.technet.com/isablog/archive/2010/01/14/scom-pack-for-forefront-threat-management-gateway-2010-has-been-released.aspx


 


Forefront TMG Administrator’s Companion Goes to the Printers


http://blogs.technet.com/isablog/archive/2010/01/15/forefront-tmg-administrator-s-companion-goes-to-the-printers.aspx


 


Tips and Tricks – ISA Data Packager Fails to Start


http://blogs.technet.com/isablog/archive/2010/01/18/tips-and-tricks-isa-data-packager-fails-to-start.aspx


 


Announcing the availability of TMG Best Practices Analyzer Version 8


http://blogs.technet.com/isablog/archive/2010/01/22/announcing-the-availability-of-tmg-best-practices-analyzer-version-8.aspx


 


Forefront Unified Access Gateway & Intelligent Application Gateway 2007


 


Intelligent Application Gateway 2007 Technical Resources


http://technet.microsoft.com/en-gb/forefront/edgesecurity/bb687299.aspx


 


Forefront Edge Security Community


http://technet.microsoft.com/en-gb/forefront/edgesecurity/bb687298.aspx


 


Forefront Unified Access Gateway Product Team Blog


The UAG Product Team Blog (http://blogs.technet.com/edgeaccessblog) is updated on a regular basis. Latest entries include:


 


Forefront Unified Access Gateway (UAG) 2010 is released!


http://blogs.technet.com/edgeaccessblog/archive/2009/12/24/forefront-unified-access-gateway-uag-2010-is-released.aspx


 


An improved way of managing the Access Enabling Servers or “Managing DirectAccess Management with UAG”


http://blogs.technet.com/edgeaccessblog/archive/2010/01/10/an-improved-way-of-managing-the-access-enabling-servers-or-managing-directaccess-management-with-uag.aspx


 


UAG DirectAccess and F5 BigIP – Better Together


http://blogs.technet.com/edgeaccessblog/archive/2010/01/12/uag-directaccess-and-f5-bigip-better-together.aspx


 


UAG 2010 is now on MSDN


http://blogs.technet.com/edgeaccessblog/archive/2010/01/13/uag-2010-is-now-on-msdn.aspx


 


Forefront UAG RTM documentation now live on TechNet


http://blogs.technet.com/edgeaccessblog/archive/2010/01/13/forefront-uag-rtm-documentation-now-live-on-technet.aspx


 


Forefront UAG in Common Criteria Evaluation


http://blogs.technet.com/edgeaccessblog/archive/2010/01/14/forefront-uag-in-common-criteria-evaluation.aspx


 


What happened to Basic and Webmail trunks?


http://blogs.technet.com/edgeaccessblog/archive/2010/01/15/what-happened-to-basic-and-webmail-trunks.aspx


 


How to configure Forefront TMG to block AD users from accessing internal resources


http://blogs.technet.com/edgeaccessblog/archive/2010/01/19/how-to-configure-forefront-tmg-to-block-ad-users-from-accessing-internal-resources.aspx


 


Documents


 


Guide to Configuring, Monitoring, and Troubleshooting the Network Inspection System (NIS) in Forefront Threat Management Gateway (TMG) 2010


Download this white paper to learn more about the Network Inspection System that is integrated in Forefront Threat Management Gateway 2010. NIS provides Intrusion Prevention System (IPS) capabilities to help protect computers behind the firewall against network-based attacks.


http://download.microsoft.com/download/F/4/0/F40887FD-648B-40E1-B79B-AAE43CEDCA4C/NIS%20in%20TMG%20Whitepaper.docx


 


Security Tip of the Month: XDomainRequest and Scripting Security http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083158&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


A new function in Internet Explorer 8, XDomainRequest introduces a new security model of “origin” headers, pre-flight checks, and limited HTTP request functionality. Learn more about XDomainRequest and its effect on scripting security in this article from SANS trainers Johannes Ulrich and Jason Lam.


 


Crypto Services and Data Security in Windows Azure http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083159&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Many early adopters of the Windows Azure platform still have a lot of questions about platform security and its support of cryptography. This article introduces the basic concepts of cryptography and related security within Windows Azure, and then it delves into some of the cryptography services and providers in the platform


 


How Do I: Use Smart Encryption Techniques for Cloud Apps? http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083160&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Get familiar with the basics behind encryption algorithms and practices used to create cryptographic schemes. Learn more about symmetric and asymmetric encryption algorithms, the SHA256 hash encryption algorithms, and how to implement them in a simple application.


 


Secure Application Publishing http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083161&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Learn how to use Microsoft Internet Security and Acceleration (ISA) Server 2006 to secure your Microsoft application infrastructure by protecting your corporate applications, services, and data across all network layers with stateful packet inspection, application-layer filtering, and comprehensive publishing tools.


 


HOW TO: Secure Applications That Are Built on the .NET Framework http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083162&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


This step-by-step article describes important considerations for securing applications that are built on the Microsoft .NET Framework, from adjusting .NET Framework security on a zone-by-zone basis to limiting the Web services protocols that a server permits.


 


Microsoft Security Development Lifecycle (SDL): Developer Starter Kit http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083163&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Quickly access content, labs, and training to help you establish a standardized approach to rolling out the Microsoft SDL in your organization — and enrich your existing development practices. This kit includes 14 content modules (with speaker notes, presenter guides, and sample comprehension questions) plus eight MSDN Virtual Labs with lab manuals — all to help you build a customized SDL training program for your development teams.


 


Preventing Security Development Errors: Lessons Learned at Windows Live http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083164&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Explore how the Windows Live Team applied the Security Development Lifecycle to the development of new Windows Live services with ASP.NET Model View Controller.


 


Security Best Practices for C++ http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083165&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Take advantage of recommended security tools and practices to help make successful attacks on your applications less likely.


 


Secure Coding Guidelines for the .NET Framework http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083166&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Get an overview of basic secure coding techniques, and then move on to guidance for securing state data, method access, wrapper code, and other elements.


 


Securing ADO.NET Applications http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083167&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Writing a secure ADO.NET application involves more than avoiding common coding pitfalls such as not validating user input. Explore recommendations for designing secure ADO.NET applications, working with data from a secured data source, encryption, and more.


 


Security Developer Center for Identity Management http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083168&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Get started with tools, training, downloads, and guidance to help you develop more secure applications with proven customer authentication, user access, and identity models


 


MSDN Forum: Security for Applications in Windows http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083169&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Have a question about developing secure applications for the Windows platform? Check the forum for the latest best practices and tips from Microsoft and community subject matter experts.


 


Downloads


 


Forefront Threat Management Gateway 2010 Release – Download now!


Forefront Threat Management Gateway 2010 allows employees to safely and productively use the Internet without worrying about malware and other threats. It provides multiple protection capabilities including URL filtering, antimalware inspection, intrusion prevention, application- and network-layer firewall, and HTTP/HTTPS inspection – that are integrated into a unified, easy to manage gateway, reducing the cost and complexity of Web security. Forefront Threat Management Gateway 2010 is available for download in both Standard Edition and Enterprise Edition.


http://www.microsoft.com/DOWNLOADS/details.aspx?FamilyID=e05aecbc-d0eb-4e0f-a5db-8f236995bccd&displaylang=en


 


Forefront Unified Access Gateway (UAG) now available


Download the trial version of Forefront UAG, the next generation of Intelligent Application Gateway, providing secure, anywhere access to messaging, collaboration, and other resources.


http://technet.microsoft.com/en-gb/evalcenter/dd183100.aspx


 


Microsoft Forefront Threat Management Gateway Best Practices Analyzer Tool


The Forefront Threat Management Gateway (TMG) Best Practices Analyzer (BPA) Tool is designed for administrators who want to determine the overall health of their Forefront TMG computers and to diagnose current problems. The tool scans the configuration settings of the local Forefront TMG computer and reports issues that do not conform to the recommended best practices.


http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=8aa01cb0-da96-46d9-a50a-b245e47e6b8b


 


Microsoft Forefront Threat Management Gateway (TMG) 2010 Management Pack for Operations Manager 2007


This is the management pack (MP) that monitors the deployment topology and features, performance and availability of Forefront Threat Management Gateway 2010.


http://www.microsoft.com/downloads/details.aspx?FamilyID=5bfce6be-b681-48bf-bda9-a93d005820dd&displaylang=en


 


Microsoft® Forefront Threat Management Gateway (TMG) 2010 Tools & Software Development Kit


Software Development Kit (SDK), diagnostics, and other feature-related tools for Forefront TMG 2010.


http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=8809cfda-2ee1-4e67-b993-6f9a20e08607


 


Microsoft Antigen 9.0 Management Pack


This Antigen 9.0 management pack for Operations Manager 2007 supports the 9.0 versions of Microsoft Antigen for Exchange or Microsoft Antigen for SMTP Gateways. Requires OpsMgr 2007 MOM 2005 Backward Compatibility MP Update 6.0.5000.16


http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=72cda2c2-6dbd-4c70-bfcc-d2c8c6e459d3


 


HSPD-12 Logical Access Authentication and Active Directory Domains


This document explains the interdependencies between Active Directory Domain Services (AD DS) and Public Key Infrastructure (PKI) related to Homeland Security Presidential Directive 12 (HSPD-12) smart card logon.


http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=b86d8fe2-a76a-4692-9983-5ee65f0f4e88


 


Managing and Protecting Personal Information


A Microsoft Perspective on Data Governance for Privacy and Compliance


Private enterprise privacy white paper, providing Microsoft’s perspective on the role that technology plays in helping enterprises responsibly protect and manage personal information.


http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=53035b0d-66be-415a-aadc-ae47105af354


 


Active Directory Rights Management Services in a Resource Forest – End-to-End Solution


Active Directory Rights Management Services in a Resource Forest – End-to-End Solution helps you easily setup and automate AD RMS in a resource forest environment.


http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=3182373c-c6d3-44d1-88da-9c1b2f5dec2e


 


Active Directory Rights Management Services Bulk Protection Tool and File Classification Infrastructure Step-by-Step


Active Directory Rights Management Services Bulk Protection Tool and File Classification Infrastructure Step-by-Step helps you easily setup and configure AD RMS to work with FCI.


http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=a1abc2af-8af5-4b32-bf9f-63424a6409d9


 


January 2010 Security Release ISO Image


This DVD5 ISO image file contains the security updates for Windows released on Windows Update on January 12th, 2010.


http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=72e99b28-b26e-46ce-a0f0-0fcaeba090c0


 


Microsoft Office Communications Server 2007 R2 Client Group Policy Documentation


This download package contains the Communicator.adm file and a Group Policies Spreadsheet that lists the Group Policy settings for Office Communications Server 2007 R2 clients.


http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=5d6f4b90-6980-430b-9f97-ffadbc07b7a9


 


Update for Microsoft Office Outlook 2003 Junk Email Filter (KB977840)


Microsoft has released an update for Microsoft Office Outlook 2003. This update provides the latest fixes to Microsoft Office Outlook 2003. Additionally, this update contains stability and performance improvements.


http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=c598ef4b-0fd9-4279-a8ce-aca520da58ed


 


Update for Windows Mail Junk E-mail Filter [January 2010] (KB905866)


Install this update for Windows Mail to revise the definition files that are used to detect e-mail messages that should be considered junk e-mail or that may contain phishing content.


http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=aa029fde-f341-44fc-8b85-0c6f3d3c2d69


 


Update for Windows Mail Junk E-mail Filter for x64-based Systems [January 2010] (KB905866)


Install this update for Windows Mail to revise the definition files that are used to detect e-mail messages that should be considered junk e-mail or that may contain phishing content.


http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=749e10cd-f40c-4f94-8e38-d4221ded7652


 


Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64


This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.


http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=585d2bde-367f-495e-94e7-6349f4effc74


 


SDL Quick Security References


The SDL Quick Security References will help you better understand and address common attacks that may be affecting your software, Web sites, and users.


http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=79042476-951f-48d0-8ebb-89f26cf8979d


 


Forefront Online Protection for Exchange (FOPE) 10.1 Product Documents


Product documents for FOPE 10.1 include the following: New Features Guide, Administration Center User Guide


http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=be5963ee-917f-4677-94c5-02985d7e077e


 


Security and Authentication in Microsoft Dynamics CRM: Connectivity and Firewall Port Requirements in On-Premise Deployments


This document provides guidance on the connectivity requirements between Microsoft Dynamics CRM 4.0 and other systems to assist readers with proper firewall configuration in customer environments.


http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=d06e9b99-2f10-43fd-94b4-8014a8dca9ea


 


Security and Authentication in Microsoft Dynamics CRM: Connectivity and Firewall Port Requirements in On-Premise Deployments


This document provides guidance on the connectivity requirements between Microsoft Dynamics CRM 4.0 and other systems to assist readers with proper firewall configuration in customer environments.


http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=d06e9b99-2f10-43fd-94b4-8014a8dca9ea


 


SDL Quick Security References


The SDL Quick Security References will help you better understand and address common attacks that may be affecting your software, Web sites, and users.


http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=79042476-951f-48d0-8ebb-89f26cf8979d


 


Forefront Online Protection for Exchange (FOPE) 10.1 Product Documents


Product documents for FOPE 10.1 include the following: New Features Guide, Administration Center User Guide


http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=be5963ee-917f-4677-94c5-02985d7e077e


 


Cloud Computing Security Considerations


A high-level discussion of the fundamental challenges and benefits of cloud computing security


http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=131f31f9-e08e-4a16-a698-99dcda8f57d7


 


Events/WebCasts 


 


TechNet webcast: Protect client and server operating systems with Microsoft Secure Endpoint Solution


Learn how customers can protect client and server operating systems from emerging threats and information loss while providing secure access from virtually anywhere. In this webcast, we demonstrate a Microsoft secure endpoint solution and highlight the key features and benefits of the solution. We also highlight the multi-layered protection offered by Microsoft Forefront Endpoint Protection, Forefront Protection Manager, and Forefront Threat Management Gateway.


http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032425495&EventCategory=4


 


Microsoft SDL – Developer Starter Kit http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=12486214&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Security Awareness Materials http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=12486215&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Guidance, samples, and templates for creating a security-awareness program in your organization.


Learn Security On the Job http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=12486216&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Learning Paths for Security – Microsoft Training References and Resources http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=12486217&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


 


Security Webcast Calendar http://go.microsoft.com/fwlink/?LinkId=37910 


Find security webcasts listed in an easy-to-use calendar format.


 


Upcoming Security Webcasts


http://www.microsoft.com/events/security/upcoming.mspx 


 


Register for the following Webcasts on the link above


 


TechNet Webcast: Information About Microsoft February Security Bulletins (Level 200)


Wednesday, February 10, 2010 11:00 A.M.-12:30 P.M. Pacific Time


 


TechNet Webcast: Forefront Client Security and the Microsoft Malware Protection Center (Level 200)


Friday, February 12, 2010 11:00 A.M.-12:00 P.M. Pacific Time


 


TechNet Webcast: Protecting Exchange Server 2010 Using Hybrid Forefront Protection for Exchange (Level 300)


Friday, February 12, 2010 1:00 P.M.-2:30 P.M. Pacific Time


 


Momentum Webcast: Secure Messaging and Collaboration (Level 100)


Tuesday, February 23, 2010 11:00 A.M.-12:00 P.M. Pacific Time


 


MSDN Webcast: Detecting and Mitigating Security Issues Using the Code Analysis Tool .NET (Level 200)


Thursday, February 25, 2010 1:00 P.M.-2:00 P.M. Pacific Time


 


On-Demand Security Webcasts


http://www.microsoft.com/events/security/ondemand.mspx  


 


Visit TechNet Spotlight: www.microsoft.com/technetspotlight   


Video on Demand, Video Downloads, PowerPoint Presentations, Audio and more


 


New or updated KB’s


 


Microsoft ISA Server 2006


 


Description of the ISA Server 2006 hotfix package: October 25, 2009


http://support.microsoft.com/kb/976301


 


FIX: The Firewall service (Wspsrv.exe) may crash when you use the “Web Publishing Load Balancing” Web filter in ISA Server 2006


http://support.microsoft.com/kb/976296/


 


FIX: The “Daily Traffic Summary” table shows an incorrect calculation for the cache hit ratio in ISA Server 2006


http://support.microsoft.com/kb/975124/


 


FIX: The ISA Server 2006 log for the firewall client does not contain the client host name after you configure ISA Server 2006 to log the client host name


http://support.microsoft.com/kb/975334/


 


FIX: Error message when you use the New-MoveRequest task to move a mailbox from Exchange 2007 to Exchange 2010: “Error: MapiExceptionNetworkError: Unable to make connection to the server. (hr=0x80040115, ec=-2147221227)”


http://support.microsoft.com/kb/976545/


 


Description of the ISA Server 2006 hotfix package: December 8, 2009


http://support.microsoft.com/kb/977530


 


FIX: You cannot download a message attachment from the OWA server if the OWA server is published by using ISA Server 2006


http://support.microsoft.com/kb/976495


 


FIX: High CPU usage occurs when you back up or export configuration information for ISA Server 2006


http://support.microsoft.com/kb/977427/


 


Intelligent Application Gateway 2007


 


Description of Update 2 for Intelligent Application Gateway 2007 Service Pack 2 (975491)


http://support.microsoft.com/kb/975491


 


A.O.B


 


Security Blogs


 


Trustworthy Computing Security/Privacy Blogs http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083121&s1=68628015-2ccc-cbc7-31b9-0e76c3415474 RSS http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083122&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Michael Howard http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083123&s1=68628015-2ccc-cbc7-31b9-0e76c3415474 RSS http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083124&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Eric Lippert http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083125&s1=68628015-2ccc-cbc7-31b9-0e76c3415474 RSS http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083126&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Eric Fitzgerald http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083127&s1=68628015-2ccc-cbc7-31b9-0e76c3415474 RSS http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083128&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


MSRC Blog http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083129&s1=68628015-2ccc-cbc7-31b9-0e76c3415474 RSS http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083130&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


ACE Team http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083131&s1=68628015-2ccc-cbc7-31b9-0e76c3415474 RSS http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083132&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Windows Security http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083133&s1=68628015-2ccc-cbc7-31b9-0e76c3415474  RSS http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083134&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Solution Accelerators – Security & Compliance http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083135&s1=68628015-2ccc-cbc7-31b9-0e76c3415474 RSS http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083136&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Security Vulnerability Research & Defense http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083137&s1=68628015-2ccc-cbc7-31b9-0e76c3415474 RSS http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083138&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Security Development Lifecycle (SDL) http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083139&s1=68628015-2ccc-cbc7-31b9-0e76c3415474 RSS http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083140&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


 


Security Newsgroups


 


General Security issues/questions http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083141&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Open with newsreader news://msnews.microsoft.com/microsoft.public.security


Virus issues/questions http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083142&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Open with newsreader news://msnews.microsoft.com/microsoft.public.security.virus


ISA Server http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083143&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Open with newsreader news://msnews.microsoft.com/microsoft.public.isa


Window Vista: Security http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083144&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Open with newsreader news://msnews.microsoft.com/microsoft.public.windows.vista.security


SQL Server: Security http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083145&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Open with newsreader news://msnews.microsoft.com/microsoft.public.sqlserver.security


Windows Server: Security http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=13083146&s1=68628015-2ccc-cbc7-31b9-0e76c3415474


Open with newsreader news://msnews.microsoft.com/microsoft.public.windows.server.security


 

Comments (0)