July 2011 – Technology Rollup Mail – Security

Article
06/30/2011

News

Consumerization of IT and Sophistication of AttacksWhen employees take their laptops home, do they pose a risk to your network when they bring them back? What kinds of exploits should you watch out for? In this webcast, you can explore how cybercriminals use marketing-like tactics to lure their victims, learn about the potential impact to your organization, and get guidance on how to stay protected.

https://technet.microsoft.com/en-us/edge/consumerization-of-it-and-sophistication-of-attacks.aspx

Social Engineering Threat Trends in 2010Interested in learning how social networking has affected the way cybercriminals work? According to Microsoft's Security Intelligence Report, Volume 10, social networking has become one of the most common ways attackers lure their victims. Watch this short video to learn more about the emerging social engineering threats and get guidance on how you can protect yourself.

https://www.youtube.com/watch?v=ZbgLZSP7Nbk

Rogue Security Software: "Scamming for Money" Rogue security software, sometimes referred to as scareware, is software that appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure users into participating in fraudulent transactions. In 2010, Microsoft cleaned almost 19 million infected systems with rogue security software. This video discusses the latest Rogue Security Software findings from the Microsoft Security Intelligence Report Volume 10 and provides recommendations to help you prevent rogues.

https://www.microsoft.com/security/sir/videos/default.aspx#!video_1_3

Microsoft Security Bulletin Summary for June, 2011

https://www.microsoft.com/technet/security/bulletin/ms11-jun.mspx

Security Bulletin Overview for June 2011

Microsoft Security Response Center (MSRC) Blog Post https://go.microsoft.com/?linkid=9683067

Windows Media Video (WMV) https://go.microsoft.com/?linkid=9683068

Windows Media Audio (WMA) https://go.microsoft.com/?linkid=9683069

iPod Video (MP4) https://go.microsoft.com/?linkid=9683070

MP3 Audio https://go.microsoft.com/?linkid=9683071

High Quality WMV (2.5 Mbps) https://go.microsoft.com/?linkid=9683072

Zune Video (WMV) https://go.microsoft.com/?linkid=9683073

Microsoft Product Lifecycle Information

Find information about your particular products on the Microsoft Product Lifecycle Web site https://go.microsoft.com/?linkid=9669804

See a List of Supported Service Packs https://go.microsoft.com/?linkid=9669805

Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.

Follow the Microsoft Security Response team on Twitter https://go.microsoft.com/?linkid=9739346 @MSFTSecResponse for the latest information on the threat landscape.

Documents

Security Tip of the Month: Prioritizing Microsoft Security Update Deployment Using Severity Ratings and the Updated Exploitability Index Microsoft has established a predictable process for releasing security updates on the second Tuesday of each month. Each security update carries two pieces of information that help with the prioritization process: the severity rating and the Exploitability Index. Explore each of these items in detail and learn how, taken separately, each gives an indication of the risk of a vulnerability being exploited while, taken together, both can add a new dimension of information that can help with prioritization decisions.

Microsoft Security Update Guide, Second Edition Get in-depth information and tools that can help you protect your IT infrastructure while creating a safer, more secure computing and Internet environment. This guide is designed to help you better understand and maximize Microsoft security update release information, processes, communications, and tools.

How to Remove the Trojan Win32/FakePav Watch a short demonstration of how Win32/FakePav infects an unprotected computer, and find out how to remove the trojan.

Behind the Curtain of Second Tuesdays: Challenges in Software Security Response This presentation discloses some of the challenges seen by the MSRC in addressing modern vulnerabilities. As SDL weeded out the simple buffer overflow, vulnerabilities have become more complex in nature and thus more challenging to address. The goal is to provide insight into Microsoft's techniques and processes in responding to these challenges and to provide lessons learned to other organizations in similar situations.

Microsoft Security Compliance Manager Download this free tool offering centralized security baseline management features, a baseline portfolio, customization capabilities, and security baseline export flexibility to accelerate your organization's ability to efficiently manage the security and compliance process for the most widely used Microsoft technologies.

Security Compliance as an Engineering Discipline As a result of requirements like the Payment Card Industry Data Security Standard (PCI-DSS), some organizations are building comprehensive application security programs for the first time. Learn how to harmonize compliance-focused programs with security engineering by integrating secure engineering practices into the entire software lifecycle with the Microsoft Security Development Lifecycle (SDL).

Downloads

Microsoft Security Development Lifecycle (SDL) - Version 5.1

Microsoft Security Development Lifecycle (SDL) Process Guidance - Version 5.1

https://www.microsoft.com/downloads/en/details.aspx?FamilyID=e5ff2f9d-7e72-485a-9ec0-5d6d076a8807

June 2011 Security Release ISO Image

This DVD5 ISO image file contains the security updates for Windows released on Windows Update on June 14, 2011. The image does not contain security updates for other Microsoft products. This DVD5 ISO image is intended for administrators that need to download multiple individual language versions of each security update and that do not use an automated solution such as Windows Server Update Services (WSUS). You can use this ISO image to download multiple updates in all languages at the same time.

Important: Be sure to check the individual security bulletins at https://www.microsoft.com/technet/ security prior to deployment of these updates to ensure that the files have not been updated at a later date.

This DVD5 image contains the following updates:

KB2544893 / (MS11-037)

Windows XP

Windows XP x64 Edition

Windows Server 2003

Windows Server 2003 x64 Edition

Windows Server 2003 for Itanium-based Systems

Windows Vista

Windows Vista for x64-based Systems

Windows Server 2008

Windows Server 2008 x64 Edition

Windows Server 2008 for Itanium-based Systems

Windows Server 2008 R2 x64 Edition

Windows Server 2008 R2 for Itanium-based Systems

Windows 7

Windows 7 for x64-based Systems

Windows Embedded Standard 7

Windows Embedded Standard 7 for x64-based Systems

KB2476490 / (MS11-038)

Windows XP

Windows XP x64 Edition

Windows Server 2003

Windows Server 2003 x64 Edition

Windows Server 2003 for Itanium-based Systems

Windows Vista

Windows Vista for x64-based Systems

Windows Server 2008

Windows Server 2008 x64 Edition

Windows Server 2008 for Itanium-based Systems

Windows Server 2008 R2 x64 Edition

Windows Server 2008 R2 for Itanium-based Systems

Windows 7

Windows 7 for x64-based Systems

Windows Embedded Standard 7

Windows Embedded Standard 7 for x64-based Systems

KB2478656 / (MS11-039)

KB2478657 / (MS11-039)

Windows Server 2008

Windows Server 2008 x64 Edition

Windows Server 2008 for Itanium-based Systems

KB2478658 / (MS11-039)

KB2478659 / (MS11-039)

Windows Server 2008

Windows Server 2008 x64 Edition

Windows Server 2008 for Itanium-based Systems

KB2478660 / (MS11-039)

Windows Server 2008

Windows Server 2008 x64 Edition

Windows Server 2008 for Itanium-based Systems

KB2478661 / (MS11-039)

Windows Server 2008 R2 for Itanium-based Systems

Windows 7

Windows 7 for x64-based Systems

KB2478662 / (MS11-039)

Windows Server 2008 R2 for Itanium-based Systems

Windows 7

Windows 7 for x64-based Systems

KB2478663 / (MS11-039)

KB2525694 / (MS11-041)

Windows XP x64 Edition

Windows Server 2003 x64 Edition

Windows Server 2003 for Itanium-based Systems

Windows Vista for x64-based Systems

Windows Server 2008 x64 Edition

Windows Server 2008 for Itanium-based Systems

Windows Server 2008 R2 x64 Edition

Windows Server 2008 R2 for Itanium-based Systems

Windows 7 for x64-based Systems

Windows Embedded Standard 7 for x64-based Systems

KB2535512 / (MS11-042)

Windows XP

Windows XP x64 Edition

Windows Server 2003

Windows Server 2003 x64 Edition

Windows Server 2003 for Itanium-based Systems

Windows Vista

Windows Vista for x64-based Systems

Windows Server 2008

Windows Server 2008 x64 Edition

Windows Server 2008 for Itanium-based Systems

Windows Server 2008 R2 x64 Edition

Windows Server 2008 R2 for Itanium-based Systems

Windows 7

Windows 7 for x64-based Systems

Windows Embedded Standard 7

Windows Embedded Standard 7 for x64-based Systems

KB2536276 / (MS11-043)

Windows XP

Windows XP x64 Edition

Windows Server 2003

Windows Server 2003 x64 Edition

Windows Server 2003 for Itanium-based Systems

Windows Vista

Windows Vista for x64-based Systems

Windows Server 2008

Windows Server 2008 x64 Edition

Windows Server 2008 for Itanium-based Systems

Windows Server 2008 R2 x64 Edition

Windows Server 2008 R2 for Itanium-based Systems

Windows 7

Windows 7 for x64-based Systems

Windows Embedded Standard 7

Windows Embedded Standard 7 for x64-based Systems

KB2518863 / (MS11-044)

Windows Server 2008

Windows Server 2008 x64 Edition

Windows Server 2008 for Itanium-based Systems

KB2518865 / (MS11-044)

Windows Server 2008

Windows Server 2008 x64 Edition

Windows Server 2008 for Itanium-based Systems

KB2518866 / (MS11-044)

Windows Server 2008

Windows Server 2008 x64 Edition

Windows Server 2008 for Itanium-based Systems

KB2518867 / (MS11-044)

Windows Server 2008 R2 for Itanium-based Systems

Windows 7

Windows 7 for x64-based Systems

KB2518869 / (MS11-044)

Windows Server 2008 R2 for Itanium-based Systems

Windows 7

Windows 7 for x64-based Systems

KB2503665 / (MS11-046)

Windows XP

Windows XP x64 Edition

Windows Server 2003

Windows Server 2003 x64 Edition

Windows Server 2003 for Itanium-based Systems

Windows Vista

Windows Vista for x64-based Systems

Windows Server 2008

Windows Server 2008 x64 Edition

Windows Server 2008 for Itanium-based Systems

Windows Server 2008 R2 x64 Edition

Windows Server 2008 R2 for Itanium-based Systems

Windows 7

Windows 7 for x64-based Systems

Windows Embedded Standard 7

Windows Embedded Standard 7 for x64-based Systems

KB2525835 / (MS11-047)

Windows Server 2008 x64 Edition

Windows Server 2008 R2 x64 Edition

KB2536275 / (MS11-048)

Windows Vista

Windows Vista for x64-based Systems

Windows Server 2008

Windows Server 2008 x64 Edition

Windows Server 2008 for Itanium-based Systems

Windows Server 2008 R2 x64 Edition

Windows Server 2008 R2 for Itanium-based Systems

Windows 7

Windows 7 for x64-based Systems

Windows Embedded Standard 7

Windows Embedded Standard 7 for x64-based Systems

KB2530548 / (MS11-050)

Windows XP

Windows XP x64 Edition

Windows Server 2003

Windows Server 2003 x64 Edition

Windows Server 2003 for Itanium-based Systems

Windows Vista

Windows Vista for x64-based Systems

Windows Server 2008

Windows Server 2008 x64 Edition

Windows Server 2008 for Itanium-based Systems

Windows Server 2008 R2 x64 Edition

Windows Server 2008 R2 for Itanium-based Systems

Windows 7

Windows 7 for x64-based Systems

Windows Embedded Standard 7

Windows Embedded Standard 7 for x64-based Systems

KB2518295 / (MS11-051)

Windows Server 2003

Windows Server 2003 x64 Edition

Windows Server 2008

Windows Server 2008 x64 Edition

Windows Server 2008 R2 x64 Edition

KB2544521 / (MS11-052)

https://www.microsoft.com/download/en/details.aspx?id=26329

Events/WebCasts

Security Webcast Calendar

https://go.microsoft.com/fwlink/?LinkId=37910

Find security webcasts listed in an easy-to-use calendar format.

Upcoming Security Webcasts

https://www.microsoft.com/events/security/upcoming.mspx

Register for the following Webcasts on the link above

TechNet Webcast: Information about Microsoft Security Bulletins for July (Level 200)

Wednesday, July 13, 2011 11:00 A.M.-12:00 P.M. Pacific Time

July 2011 – Technology Rollup Mail – Security

Additional resources