September 2011 - Technical Rollup Mail–Security

Article
08/31/2011

News

What is Security Science? https://technet.microsoft.com/en-gb/edge/Video/hh269932.aspx Explore the proactive work that Microsoft's Trustworthy Computing group is conducting to help provide more secure, private, and reliable computing experiences for the individuals and companies who power today's computing ecosystem.

News

Global Cyber Supply Chain Management https://blogs.technet.com/b/security/archive/2011/07/26/global-cyber-supply-chain-management.aspx Microsoft recently published two white papers that expand on the principles outlined by Scott Charney, Microsoft's corporate vice president of Trustworthy Computing, in his recent keynote address at the East-West Institute's Second Worldwide Cybersecurity Summit in London:

"Cyber Supply Chain Risk Management: Toward a Global Vision of Transparency and Trust" presents a set of key principles to enable governments and vendors to manage supply chain risk more effectively, and articulates the need for broad agreement.
"Toward A Trusted Supply Chain: A Risk-Based Approach to Managing Software Integrity" provides a framework for the pragmatic assessment of Software Integrity risk management practices in the product development process and online services operations.

Cybersecurity Report: 84% Believe Risk is Higher than One Year Ago https://blogs.technet.com/b/security/archive/2011/08/05/cybersecurity-report-84-believe-risk-is-higher-than-1-year-ago.aspx Gain valuable insight into how experts from around the world view the cybersecurity challenge and learn about the practical steps they pursue for everything from securing the undersea cables that carry over 99% of intercontinental Internet traffic to ensuring emergency communications after disasters.

Microsoft Security Bulletin Summary for August, 2011

https://www.microsoft.com/technet/security/bulletin/ms11-aug.mspx

Security Bulletin Overview for August 2011

Microsoft Security Response Center (MSRC) Blog Post https://go.microsoft.com/?linkid=9683067

Windows Media Video (WMV) https://go.microsoft.com/?linkid=9683068

Windows Media Audio (WMA) https://go.microsoft.com/?linkid=9683069

iPod Video (MP4) https://go.microsoft.com/?linkid=9683070

MP3 Audio https://go.microsoft.com/?linkid=9683071

High Quality WMV (2.5 Mbps) https://go.microsoft.com/?linkid=9683072

Zune Video (WMV) https://go.microsoft.com/?linkid=9683073

Microsoft Product Lifecycle Information

Find information about your particular products on the Microsoft Product Lifecycle Web site https://go.microsoft.com/?linkid=9669804

See a List of Supported Service Packs https://go.microsoft.com/?linkid=9669805

Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.

Follow the Microsoft Security Response team on Twitter https://go.microsoft.com/?linkid=9739346 @MSFTSecResponse for the latest information on the threat landscape.

Documents

Security Tip of the Month: Lync Edge Server Security https://technet.microsoft.com/en-gb/magazine/hh272676.aspx While Microsoft Lync Server 2010 uses many standard security measures, you can configure it for additional levels of protection. Get guidance on enforcing network isolation, designing firewall rules, bracing for denial of service (DoS) attacks, and more.

Microsoft Security Compliance Manager https://technet.microsoft.com/en-gb/solutionaccelerators/cc835245.aspx Assess, configure, and manage all your organization's security baselines in one centralized location. The Security Compliance Manager (SCM) tool provides security configuration recommendations from Microsoft, centralized security baseline management features, a baseline portfolio, customization capabilities, and security baseline export flexibility to accelerate your organization's ability to efficiently manage the security and compliance process for the most widely used Microsoft products.

Data Classification Toolkit for Windows Server 2008 R2 https://www.microsoft.com/download/en/details.aspx?id=27123 Get the help you need to properly identify, classify, and protect data across targeted file servers in your organization with the Data Classification Toolkit for Windows Server 2008 R2. This toolkit also provides classification and rule examples to help you build and deploy policies to protect critical information in a cost-effective manner.

SDL Threat Modeling Tool 3.1.8 https://www.microsoft.com/download/en/details.aspx?displaylang=en&id=2955 A core element the Microsoft Security Development Lifecycle (SDL), this tool helps development teams define a product's default and maximum attack surface during the design phase and helps reduce the likelihood for exploitation. Download it today and get additional guidance on threat modeling with the Microsoft SDL Starter Kit.

MiniFuzz File Fuzzing Tool https://www.microsoft.com/download/en/details.aspx?displaylang=en&id=21769 Download this basic testing tool to help detect code flaws that may expose security vulnerabilities in file-handling code. This tool creates multiple random variations of file content and feeds it to the application to exercise the code in an attempt to expose unexpected and potentially insecure application behaviors.

Downloads

MiniFuzz basic file fuzzing tool

MiniFuzz is a very simple fuzzer designed to ease adoption of fuzz testing by non-security people who are unfamiliar with file fuzzing tools or have never used them in their current software development processes.

https://www.microsoft.com/download/en/details.aspx?id=21769

SDL Threat Modeling Tool 3.1.8

The SDL Threat Modeling Tool helps engineers analyze the security of their systems to find and address design issues early in the software lifecycle.

https://www.microsoft.com/download/en/details.aspx?id=2955

Data Classification Toolkit for Windows Server 2008 R2

This Solution Accelerator is designed to help enable an organization to identify, classify, and protect data on their file servers. The out-of-the-box classification and rule examples help organizations build and deploy their policies to protect critical information.

https://www.microsoft.com/download/en/details.aspx?id=27123

Active Directory Certificate Services (AD CS)

This download center location contains information related to administering Active Directory Certificate Services (AD CS)

https://www.microsoft.com/download/en/details.aspx?id=17877