News
Microsoft Security Intelligence Report Version 9 Now Available http://www.microsoft.com/security/sir/default.aspx
Covering the first half of 2010 (January 1 - June 30), Volume 9 of the Security Intelligence Report includes intelligence on botnets and how to combat this threat, details on botnet and malware infection rates worldwide, and the latest security data and trends analysis captured by Microsoft security analysts. Also included are recommended techniques to protect your organization, software, and people.
Introducing the IT Compliance Management Series http://technet.microsoft.com/en-gb/library/dd206732.aspx
Designed to help eliminate the murkiness of IT governance, risk, and compliance (GRC), the IT Compliance Management Series is designed to help bridge the knowledge gap for IT pros by translating auditor expectations and IT GRC authority document requirements into real IT tasks through the use of control activities that are specific to a particular technology or platform.
IT GRC Process Management Pack (PMP) for System Center Service Manager http://www.microsoft.com/downloads/en/details.aspx?FamilyID=aff058bb-628f-4a7d-b566-317cb53f666e&displaylang=en
Get end-to-end compliance management and automation for desktop and datacentre computers including tools to translate complex regulations and standards into authoritative control objectives and control activities for your organization’s IT compliance program.
Active Directory Federation Services 2.0: Open Doors to the Cloud http://technet.microsoft.com/en-gb/magazine/ff721824.aspx
Explore how the new Microsoft Active Directory Federation Services release promises to up the ante on cloud security.
Microsoft Security Bulletin Summary for Oct, 2010
http://www.microsoft.com/technet/security/bulletin/ms10-Oct.mspx
Security Bulletin Overview for October 2010
Microsoft Security Response Center (MSRC) Blog Post http://go.microsoft.com/?linkid=9683067
Windows Media Video (WMV) http://go.microsoft.com/?linkid=9683068
Windows Media Audio (WMA) http://go.microsoft.com/?linkid=9683069
iPod Video (MP4) http://go.microsoft.com/?linkid=9683070
MP3 Audio http://go.microsoft.com/?linkid=9683071
High Quality WMV (2.5 Mbps) http://go.microsoft.com/?linkid=9683072
Zune Video (WMV) http://go.microsoft.com/?linkid=9683073
Microsoft Product Lifecycle Information
Find information about your particular products on the Microsoft Product Lifecycle Web site http://go.microsoft.com/?linkid=9669804
See a List of Supported Service Packs http://go.microsoft.com/?linkid=9669805
Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.
Follow the Microsoft Security Response team on Twitter http://go.microsoft.com/?linkid=9739346 @MSFTSecResponse for the latest information on the threat landscape.
Forefront TMG and ISA Server
Forefront Security TechCenter
http://technet.microsoft.com/forefront/default.aspx
Please note that if you have feedback on documentation or wish to request new documents - email isadocs@microsoft.com
Forefront Threat Management Gateway 2010 homepage
http://technet.microsoft.com/en-gb/forefront/ee807302.aspx
Forefront TMG (ISA Server) Product Team Blog
The ISA Server Product Team Blog (http://blogs.technet.com/isablog/) is updated on a regular basis. Latest entries include:
Unable to download files through Forefront TMG 2010 when Malware Inspection is Enabled
Forefront TMG/UAG Help Wanted at Microsoft in Reading, UK and Munich, Germany
Expect the unexpected… Failed Connection 995 and 64 with SSL Traffic
TMG Reports stop working after installing TMG 2010 SP1
How to determine which version of TMG 2010 is installed
The « test rule » button fails with error “Failed to get domain controller name for this published server”
The Exchange Edge default Receive connector gets unexpectedly disabled even though the Email policy is not configured
TMG is Unable to Listen on Port 80 (no IIS was not installed)
Understanding Performance Impact of Fast Trickling Option on TMG 2010
Forefront Unified Access Gateway & Intelligent Application Gateway 2007
Forefront Unified Access Gateway 2010 Technical Resources
http://technet.microsoft.com/en-gb/forefront/edgesecurity/ee907407.aspx
For comments, feedback, and requests, contact the Forefront UAG User Assistance team at uagdocs@microsoft.com.
Forefront Unified Access Gateway Product Team Blog
The UAG Product Team Blog (http://blogs.technet.com/edgeaccessblog) is updated on a regular basis. Latest entries include:
Forefront UAG 2010 – Update 2
http://blogs.technet.com/b/edgeaccessblog/archive/2010/10/17/forefront-uag-2010-update-2.aspx
Announcing Forefront UAG 2010 Service Pack 1
Forefront Edge on the Wiki
The home of community-generated content about Microsoft technologies — that anyone can edit! Read the latest wiki articles about TMG and UAG.
TMG - http://social.technet.microsoft.com/wiki/contents/articles/tags/tmg/default.aspx
UAG - http://social.technet.microsoft.com/wiki/contents/articles/tags/UAG/default.aspx
Documents
Security Tip of the Month: How to Deploy Your First Windows Azure Application: Step by Step http://technet.microsoft.com/en-gb/ee957681.aspx
Watch a step-by-step demonstration on how to deploy a new Windows Azure Web Role Application to the Cloud in Azure Platform, create a new Azure Storage Service for the application's data access, create a new Azure Hosted Application Service, configure and publish the Web Role Application's package and configuration, and deploy the application to Azure staging and production environments.
Patterns & practices: Cloud Security Approach in a Nutshell http://technet.microsoft.com/en-gb/ff742848.aspx
Discover the cornerstone concepts that lay a foundation for Microsoft's patterns & practices Cloud Security approach. Microsoft's patterns & practices represent applied engineering guidance that includes both production quality source code and documentation.
Building Applications that Use AppFabric Access Control http://msdn.microsoft.com/library/ee725242.aspx
The Windows Azure AppFabric Access Control (AC) service can be accessed from any Web service platform including .NET Framework, WCF, Silverlight, ASP.NET, Java, Python, Ruby, PHP, and Flash. Learn how Web services can rely on AC for authentication and authorization, and how to use AC in your applications.
Security Talk: Windows Azure Security - A Peek Under the Hood http://technet.microsoft.com/en-us/edge/security-talk-windows-azure-security-a-peek-under-the-hood.aspx?query=1
Find out how Windows Azure is structured to accept software and configuration requests from customers, deploy the software within virtual machines, and allocate storage and database resources to hold a persistent state-all while maintaining a minimal attack surface and several layers of defense in depth. This presentation also offers insight on how Windows Azure security compares with systems operated on a customer's premises.
Compliance Reporting: First Step in Controlling Client Cloud Access http://technet.microsoft.com/en-gb/magazine/ff720178.aspx
Find steps on how to improve your auditing and compliance reporting by using Access Protection (NAP) with IPsec connectivity technologies like DirectAccess to control client access.
Security Best Practices for Developing Windows Azure Applications http://technet.microsoft.com/en-gb/magazine/ff720178.aspx
Download this paper for details on the security challenges and recommended approaches to design and develop more secure applications for Microsoft's Windows Azure platform.
How to Use AppFabric to Provide Access Control for a Cloud Application http://msdn.microsoft.com/en-gb/ff728569.aspx
Windows Azure's AppFabric provides a foundation for rich cloud-based service and access control offerings. Join Hilton Giesenow, host of The Moss Show SharePoint Podcast, as he takes you through getting started with Windows Communication Foundation (WCF) services and the Windows Azure platform AppFabric ServiceBus component to extend WCF services into the cloud.
Cloud Cover Episode 8 - Shared Access Signatures https://channel9.msdn.com/shows/Cloud+Cover/Cloud-Cover-Episode-8-Shared-Access-Signatures/
Learn how to create and use Shared Access Signatures (SAS) in Windows Azure blob storage and discover how to easily create SAS signatures yourself.
Cloud Cover Episode 15 - Certificates and SSL https://channel9.msdn.com/shows/Cloud+Cover/Cloud-Cover-Episode-15-Certificates-and-SSL/
Find out how certificates work in Windows Azure and how to enable Secure Sockets Layer (SSL) protocols. Also discover a tip on uploading public key certificates to Windows Azure.
Cloud Security: Safely Sharing IT Solutions http://technet.microsoft.com/en-gb/magazine/gg296364.aspx
Explore ways to share IT solutions between the fixed cost of local resources and the variable cost of cloud resources without losing control of access to enterprise assets.
Downloads
Data Governance - Managing Technological Risk
Discusison of the core data governance capabilities related to technology.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e4ff1afe-69cd-4bfd-aeaa-c0519ba04272
Data Governance - A Capability Maturity Model
This paper presents a blueprint for organizations to implement the capabilities needed to establish a successful DGPC program.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=1a45054b-b073-44e6-84f8-bee33c268f33
Microsoft Anti-Cross Site Scripting Library V4.0
AntiXSS 4.0 helps you to protect your applications from cross-site scripting attacks.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=f4cd231b-7e06-445b-bec7-343e5884e651
Microsoft Office Protocol Documentation
The Office protocol documentation provides technical specifications for Microsoft proprietary protocols that are implemented and used in the Microsoft Office system.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e7a23d42-0835-440f-9400-badfe9672b21
Microsoft and Data Privacy
This paper examines trends in the evolving data management landscape and describes how Microsoft is providing leadership in protecting individuals’ personal information.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=297c2531-2621-446a-9efb-db87f76de02e
Microsoft SharePoint Products and Technologies Protocol Documentation
The Microsoft SharePoint Products and Technologies protocol documentation provides technical specifications for Microsoft proprietary protocols that are implemented and used in SharePoint Products and Technologies.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=5e94ad07-902c-422f-aadd-ff2bba9e540a
Microsoft and Data Breach Notification
Microsoft and Data Breach Notification
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=b378d038-566d-47e1-8946-ba0561e0b988
TwC Enterprise Data Governance White Paper
Private enterprise privacy white paper, providing Microsoft's perspective on the role that technology plays in helping enterprises responsibly protect and manage personal information.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=53035b0d-66be-415a-aadc-ae47105af354
Data Governance White Paper
Data Governance White Paper
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=5c711a4d-e7a9-44af-985e-f36774417f2b
IT GRC Process Management Pack for System Center Service Manager
The Microsoft® IT GRC Process Management Pack for System Center Service Manager(SCSM) provides end-to-end compliance management and automation for desktop and datacenter computers. Deeply integrated with SCSM the IT GRC Process Management pack translates complex regulations and standards into authoritative control objectives and control activities for the IT organization’s compliance program.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=aff058bb-628f-4a7d-b566-317cb53f666e
A Guide to Data Governance for Privacy, Confidentiality, and Compliance
Data governance is an approach that public and private entities can use to organize one or more aspects of their data management efforts, including business intelligence (BI), data security and privacy, master data management (MDM), and data quality (DQ) management. This series describes the basic elements of a data governance initiative for privacy, confidentiality, and compliance.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=8ba05a48-f46c-491d-8857-6d9d6da2d3e3
Data Governance - People and Process
This paper examines the People and Process core capability areas required to enable Data Governance for Privacy, Confidentiality and Compliance.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=b42cc616-fb59-4942-bc43-d4992dcb6f51
Microsoft and Data Breach Notification: Guidance for Enterprise Organizations
Document presenting data breach risks and concerns for organizations, and guidance for responding to a data breach.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=49151c48-dd1d-4094-8722-d1e74f821426
Privacy Guidelines for Developing Software Products and Services
This document is a set of privacy guidelines for developing software products and services that are based on our internal guidelines and our experience incorporating privacy into the development process.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c48cf80f-6e87-48f5-83ec-a18d1ad2fc1f
IT Compliance Management Series
The IT Compliance Management Series—a combination of IT Compliance Management Libraries for Windows Server 2008, Windows Server 2008 R2, Windows 7, and Microsoft System Center—provides prescriptive guidance that helps IT pros configure Microsoft products to address specific IT governance, risk, and compliance (GRC) requirements.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=37ec588c-e1bc-415b-acaa-b9b4d494f466
September 2010 Security Release ISO Image
This DVD5 ISO image file contains the security updates for Windows released on Windows Update on September 14th, 2010.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=29f2d1bc-f763-415d-8c83-7df07e82ffed
Microsoft Business Ready Security Trial Environment (4.0c)
The Microsoft Business Ready Security trial environment provides an end to end trial experience across all of the Business Ready Security solutions. The environment provides an opportunity to evaluate protection, access, management and identity technologies as a pre-configured set of VHDs.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=726f943e-d107-4b4d-a86e-dfb605e30ce5
Microsoft Security Essentials
Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e1605e70-9649-4a87-8532-33d813687a7f
FIM 2010 Planning and Architecture Collection
The Planning and Architecure Collection contains information for capacity and topology planning for a FIM 2010 deployment.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=eacb59ea-92cc-4e2b-a6ae-5b699758403e
Security Update for Microsoft Silverlight (KB978464)
This security update to Silverlight includes fixes outlined in KB 978464.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7e3f6c16-1339-49bc-a60c-ddc6c3a54850
Information Rights Management in Office for Mac 2011 Deployment Guide
The Information Rights Management in Office for Mac 2011 deployment guide is for IT managers, system administrators, or other people who are responsible for testing IRM implementation in Office for Mac.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=598cb9d3-2fdc-45e4-89f6-d2685a47c34c
Communicator for Mac 2011 Deployment Guide
Intended for IT Professionals, the Microsoft Communicator for Mac 2011 Deployment Guide provides guidance for using Microsoft Communicator for Mac 2011 with Microsoft Office Communications Server 2007 R2.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7c4f539d-eb3c-422a-9b35-022970fc9c34
Defend Your Computer Consumer Brochure
Brochure offering guidance on building your computer's defenses, avoiding being tricked into downloading malware, and what to do if your computer is not running as usual.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=bc43f79f-4b4a-42c8-a8d1-72d14e21d0df
Botnets: Guidance for Governments
One page document for policymakers and their influencers addressing Microsoft's approach to the problem of botnets.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=b7afc814-f08b-4d78-a6b3-8631be54510e
Microsoft Security Intelligence Report volume 9 (January - June 2010)
This is the ninth volume of the Microsoft Security Intelligence Report
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=b5f9eddc-70dc-4b11-996b-1bc6987c44b9
SDL Regex Fuzzer
SDL Regex Fuzzer is a tool to help test regular expressions for potential denial of service vulnerabilities.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=8737519c-52d3-4291-9034-caa71855451f
Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64
This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=585d2bde-367f-495e-94e7-6349f4effc74
Microsoft® Windows® Malicious Software Removal Tool (KB890830)
This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356
Privacy in the Cloud Computing Era: A Microsoft Perspective
Microsoft’s perspective on cloud computing and privacy. (US English)
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=d9e313ab-e3cd-490b-9c54-f6626abf63b3
Cloud Computing Security Considerations
This paper provides a high-level discussion of the fundamental challenges and benefits of cloud computing security, and raises some of the questions that cloud service providers and organisations using cloud services need to consider when evaluating a new move, or expansion of existing services, to the cloud.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=68fedf9c-1c27-4642-aa5b-0a34472303ea
Security in Cloud Computing - A Microsoft Perspective
This paper examines, at a high level, the changes that this evolution will likely bring to computer security and includes benefits as well as challenges.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7c8507e8-50ca-4693-aa5a-34b7c24f4579
How Microsoft Reduces Operational Risk through Business Continuity Management
Business Continuity Management (BCM) equips Microsoft IT with operational intelligence to enhance their decision-making processes, manage risk, and gain a competitive advantage in preparation for adverse situations. Microsoft IT implements BCM frameworks within the company to ensure maximum employee safety and continued critical business processes and system availability with the goal of minimizing adverse impacts to Microsoft employees, customers, partners, and stakeholders.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=67697ffe-6fcc-4f35-865f-a6276f8fc0fb
Forefront Unified Access Gateway (UAG) Server Pack One (SP1) Release Candidate (RC)
The release candidate version of Forefront Unified Access Gateway (UAG) Server Pack One (SP1) provides a number of new features, including support for publishing ADFS 2.0; an improved Forefront UAG DirectAccess experience; one-time password (OTP) authentication for DirectAccess clients, and integration of Forefront UAG Update 1 and Update 2.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=980ff09f-2d5e-4299-9218-8b3cab8ef77a
Microsoft Junk E-mail Reporting Add-in for Microsoft Office Outlook®
The Junk E-mail Reporting Tool lets you directly report junk e-mail to Microsoft and its affiliates for analysis to help us improve the effectiveness of our junk e-mail filtering technologies.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=53541292-ce94-4c5b-9127-b7d56f11b619
Events/WebCasts
Security Webcast Calendar http://go.microsoft.com/fwlink/?LinkId=37910
Find security webcasts listed in an easy-to-use calendar format.
Upcoming Security Webcasts
http://www.microsoft.com/events/security/upcoming.mspx
Register for the following Webcasts on the link above
TechNet Webcast: Information About Microsoft November Security Bulletins (Level 200)
Wednesday, November 10, 2010 10:00 A.M.-11:30 A.M. Pacific Time
TechNet Webcast: Using the Microsoft Security Intelligence Report v9 (Level 200)
Monday, November 01, 2010 10:00-11:00 A.M. Pacific Time
On-Demand Security Webcasts
http://www.microsoft.com/events/security/ondemand.mspx
Visit TechNet Spotlight
www.microsoft.com/technetspotlight
Video on Demand, Video Downloads, PowerPoint Presentations, Audio and more