November – Technical Rollup Mail – Security


  Intelligence Report v11 Now Available

  Explore this collection of data from Internet services and over 600
  million computers worldwide for the latest information and trends on today’s
  threat landscape. Volume 11 of the SIR offers an analysis of the global
  impact of exploits, vulnerabilities, and malware; detailed telemetry by
  country/region; and a special article on Zeroing
  In on Malware Propagation Methods

  Threats on the Desktop: An Update from the Microsoft Malware Protection

  The Microsoft Malware Protection Center (MMPC) routinely monitors threats
  (via the desktop) that affect different mobile platforms. One of the
  increasingly common ways mobile devices are being compromised is related to
  allowing users to download and install applications independently. Explore
  this trend in more detail by reading this MMPC Blog post.


Microsoft Security Bulletin Summary for Oct, 2011



Security Bulletin Overview for Oct 2011

Microsoft Security Response Center (MSRC) Blog

Windows Media Video (WMV)

Windows Media Audio (WMA)

iPod Video (MP4)

MP3 Audio

High Quality WMV (2.5 Mbps)

Zune Video (WMV)


Microsoft Product Lifecycle Information

Find information about your particular products
  on the Microsoft Product Lifecycle Web site


See a List of Supported Service Packs

Microsoft provides free software updates for
  security and nonsecurity issues for all supported service packs.


Follow the
  Microsoft Security Response team on Twitter
  @MSFTSecResponse for the latest information on the threat landscape.


Forefront TMG and ISA Server



Microsoft Forefront Threat Management Gateway (TMG)
2010 Service Pack 2.

The service pack includes the following new functionality
and feature improvements:

  • · New Reports

The new Site
Activity report displays a report showing the data transfer between users and
specific websites for any user.

  • · Error Pages

A new look and
feel has been created for error pages.

Error pages can be
more easily customized and can include embedded objects.

  • · Kerberos Authentication

You can now use
Kerberos authentication when you deploy an array using network load balancing


Forefront Security TechCenter

Please note that if you have feedback
on documentation or wish to request new documents – email


Forefront Threat Management Gateway
2010 homepage


Forefront TMG (ISA Server) Product Team

The ISA Server Product Team Blog (
is updated on a regular basis. Latest entries include:


How to generate a certificate with
subject alternative names (SAN)


Use the Power of Excel Pivot Tables to
analyze attacks and session distribution


Forefront TMG Service Pack 2 Now


New in SP2: Kerberos Authentication in
Load Balanced Scenarios


New in SP2: Site Activity Report


New in SP2: Improved Error Pages


Forefront Unified Access Gateway &
Intelligent Application Gateway 2007


Forefront Unified Access Gateway 2010
Technical Resources

For comments, feedback, and requests,
contact the Forefront UAG User Assistance team at


Forefront Unified Access Gateway
Product Team Blog

The UAG Product Team Blog (
is updated on a regular basis. Latest entries include:


Lessons from the Field and Best Practices for
Active Directory Authorization on Unified Access Gateway 2010(UAG)


Forefront Edge on the Wiki

The home of community-generated content
about Microsoft technologies — that anyone can edit! Read the latest wiki
articles about TMG and UAG.






Microsoft Forefront Threat Management Gateway (TMG)
2010 Service Pack 2.


New KB’s


Microsoft Forefront Threat Management


Microsoft Forefront Threat Management Gateway 2010
Service Pack 2


Microsoft Internet Security and
Acceleration Server 2006


Description of the ISA Server 2006 hotfix package:
September 2011


FIX: Users in remote forests cannot change their
passwords through ISA Server 2006


FIX: Large files become corrupted during file
transfer through the Socks V4 client


FIX: Outlook Web App clients are not timed out in
ISA 2006 after the ISA FBA idle time-out is reached


FIX: ISA 2006 blocks published website requests for
URLs that include carriage returns (CR) or linefeeds (LF)




  Technologies for Consumerization

  Explore the technologies that can help you embrace the latest trends in
  consumerization while maintaining control over your IT environment. Learn
  more with answers to frequently asked questions and a video deep dive into Microsoft’s strategy
  around slate devices, technical differentiators for Windows slate devices,
  and the technologies available to help support non-Windows slate devices.

  of IT and Sophistication of Attacks

  Watch this video for information on how cybercriminals use marketing-like
  tactics to target consumers, how that can impact your organization, and
  guidance on how to stay protected.

  Future of Client Security and Management

  Get insight into how products like System Center Configuration Manager
  2012 can help address the challenges associated with managing various devices
  like iPads, iPhones, Android phones, Windows Phones, slates from a single
  console. This video from TechNet Edge also discusses user-centric versus
  computer- or device- centric management, and options for managing the
  physical and the virtual in a single console with Microsoft Virtual Desktop
  Infrastructure (VDI) and Microsoft Application Virtualization (App-V) integration.

  Private Desktops

  Learn how to deploy a full VDI infrastructure featuring both Microsoft
  and Citrix. View related step-by-step videos from the VDI Day series on how
  to deploy and manage private or pooled desktops, how to address shared and
  private storage for desktops, and the different application delivery models
  including streamed, hosted, and locally installed.

  System Center Checklist for Mobile Device Management

  Explore the steps required to support mobile device management on
  Configuration Manager—and the resources available to help you complete each

  Client Access Security in Microsoft Exchange

  Security is an important aspect of any Exchange Server 2010 installation.
  By default, all Exchange 2010 protocols are automatically configured for
  Secure Sockets Layer (SSL) connectivity. Explore these resources to better
  understand the variety of security settings you can configure for the
  Microsoft Office Outlook Web App, Exchange ActiveSync (EAS), Outlook
  Anywhere, and POP3 and IMAP4.

  Drive Encryption for Windows: Step by Step

  Learn how to use BitLocker technologies to encrypt all data stored on the
  Windows operating system volume and configured data volumes with answers to frequently asked questions,
  step-by-step guides on design and deployment, best practices, and much more.

  Phone 7.5 Enterprise Security and Policy Management Guide

  Explore data and malware protection considerations, and get security and
  policy management information for EAS security–related policies that can be
  managed by IT departments

  Service Security for Windows Phone

  Windows Phone applications have the ability to exchange data with
  computers all over the world, but the more valuable the data is, the more
  important it is to make sure that your application requests and receives data
  using security procedures that reflect the value of that data. This article
  describes several different ways to help secure Windows Phone applications
  when they make calls to web services.

  to Encrypt Data in a Windows Phone Application

  Learn how to encrypt and decrypt confidential data such as passwords,
  connection strings, and PINs in a Windows Phone application by using the Data
  Protection API (DPAPI).

  Control Security Best Practices for Windows Phone

  When you are developing an application that uses the WebBrowser control,
  consider these best practices and information regarding security.



Webcast Calendar

security webcasts listed in an easy-to-use calendar format.


Security Webcasts



Information about Microsoft Security Bulletins for




Information about Microsoft Security Bulletins for




Security Talk Series: Newer Software is Better



Security Webcasts


TechNet Spotlight:

on Demand, Video Downloads, PowerPoint Presentations, Audio and more



Comments (0)