March–Technical Rollup Mail–Security


Security Compliance Manager 2.5 Beta Now Available for Download
Quickly configure and manage desktops and your private cloud using Group Policy and System Center Configuration Manager. SCM 2.5 offers long-awaited new product baselines for Exchange Server as well as updated baselines for Windows 7 Service Pack 1 (SP1), Windows Vista Service Pack 2 (SP2), Windows XP Service Pack 3 (SP3), Microsoft Office 2010 SP1, and Internet Explorer 8.

Phishing Financial Institutions and Social Networks
Learn how Microsoft tracks phishing sites and phishing impressions, who phishers are targeting, the global distribution of phishing sites, and how to defend against phishing attacks.

Financial Services Industry Publishes Software Assurance Framework
As noted in Tim's introduction to this month's newsletter, BITS, the technology policy division of The Financial Services Roundtable, has announced the release of its Software Assurance Framework. The framework documents the importance of secure development and provides guidelines that financial services organizations can use to implement these practices more fully. The framework is rooted in education, integration of security in design using standards and threat modeling, best practices for coding, focused and comprehensive testing and followed with important implementation and response practices.

Microsoft Security Bulletin Summary for Feb, 2012

Security Bulletin Overview for Feb 2012

Microsoft Security Response Center (MSRC) Blog Post

Windows Media Video (WMV)

Windows Media Audio (WMA)

iPod Video (MP4)

MP3 Audio

High Quality WMV (2.5 Mbps)

Zune Video (WMV)

Microsoft Product Lifecycle Information

Find information about your particular products on the Microsoft Product Lifecycle Web site

See a List of Supported Service Packs

Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.

Follow the Microsoft Security Response team on Twitter @MSFTSecResponse for the latest information on the threat landscape.

Forefront TMG and ISA Server

Forefront Security TechCenter

Please note that if you have feedback on documentation or wish to request new documents - email

Forefront Threat Management Gateway 2010 homepage

Forefront TMG (ISA Server) Product Team Blog

The ISA Server Product Team Blog ( is updated on a regular basis. Latest entries include:

Blank User Activity Report if domain or username contains accented characters

Rock around the Remote Access Service

Forefront Unified Access Gateway & Intelligent Application Gateway 2007

Forefront Unified Access Gateway 2010 Technical Resources

For comments, feedback, and requests, contact the Forefront UAG User Assistance team at

Forefront Unified Access Gateway Product Team Blog

The UAG Product Team Blog ( is updated on a regular basis. Latest entries include:

The UAG DirectAccess Web Monitor shows “Network Security” as Not Healthy

DirectAccess Connectivity Assistant polling interval

Forefront Edge on the Wiki

The home of community-generated content about Microsoft technologies — that anyone can edit! Read the latest wiki articles about TMG and UAG.

TMG - The latest entry includes:

Test Lab Guides

Test lab guides (TLGs) allow you to get valuable hands-on experience with new products and technologies using a pre-defined and tested methodology that results in a working configuration.



Rollup 1 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2

Rollup 1 for Forefront Unified Access Gateway (UAG) 2010 Service Pack 1 Update 1


Security Tip of the Month: Threat Modeling and Agile Development Practices
By Dan Griffin, Microsoft MVP - Enterprise Security and Tom Jones, Software Architect, JW Secure
Just because an application needs to be developed rapidly, doesn't mean that you can't develop that application with privacy and security in mind. This article examines how to effectively perform threat modeling for projects that demand rapid development processes.

Simplified Implementation of the Microsoft SDL
Get started with the SDL by downloading this guide, which illustrates the core concepts of the Microsoft SDL and discusses the individual security activities that should be performed in order to follow the SDL process.

Web App Security with the Microsoft Simplified SDL
Get a brief overview of common threat considerations for Web application development and deployment then find out how you can leverage the Microsoft Simplified SDL to help mitigate those threats while achieving the speed and efficiency of cloud computing.

SDL Quick Security References
Better understand and learn how to address common attacks that may be affecting your software, websites, and users.

How to Conduct a Code Review
A properly conducted code review can do more for the security of your application than nearly any other step. Get step-by-step guidance to help you identify the type of bugs that are important for your code and generate a list of bugs found in the code that should be prioritized for eradication.

Securing Your Application Platform
What's the most secure way to store a secret? Read this Microsoft Security Development Lifecycle (SDL) blog post for the answer.

"How Do I" Security Videos for Developers
Find videos that explore a variety of security questions for developers, including encryption, handling attacks, security best practices, and a lot more. New videos are added regularly, so check back often.

Configuration and Utilization of AppLocker
Learn how to specify exactly what is allowed to run on desktops with the AppLocker feature in Windows 7. AppLocker provides the flexibility to allow users to run the applications, installation programs, and scripts they need to be productive. Learn how you can realize the security, operational, and compliance benefits of application standardization by using AppLocker with this short video tutorial.

AppLocker: Frequently Asked Questions
Find answers to common questions about deploying and managing AppLocker. For more details, see the AppLocker Policies Design Guide, AppLocker Policies Deployment Guide, and AppLocker Operations Guide.


Security Webcast Calendar

Find security webcasts listed in an easy-to-use calendar format.

Upcoming Security Webcasts

Register for the following Webcasts on the link above

TechNet Webcast: Information about Microsoft Security Bulletins for March (Level 200)

On-Demand Security Webcasts

Visit TechNet Spotlight:

Video on Demand, Video Downloads, PowerPoint Presentations, Audio and more

Comments (0)

Skip to main content