December 2012 – Technical Rollup Mail – Security

News

"Blackhole" Exploit Kit Activity Peaks as Exploit Activity on the Internet Reaches New Heights http://blogs.technet.com/b/security/archive/2012/11/12/blackhole-exploit-kit-activity-peaks-as-exploit-activity-on-the-internet-reaches-new-heights.aspx
Blacole, a family of exploits used by the so–called Blackhole exploit kit to deliver malicious software through infected webpages, was the most commonly detected exploit family in the first half of 2012 by a large margin. Learn more about this exploit, and steps you can take to evaluate the risks in your environment and mitigate them as soon as possible.

The Promise of Differential Privacy http://blogs.technet.com/b/trustworthycomputing/archive/2012/11/05/the-promise-of-differential-privacy.aspx
Microsoft has some of the world’s top privacy researchers working on a wide variety of interesting challenges, and strives to translate this research into new privacy–enhancing technologies. Differential Privacy is a technology that enables researchers and analysts to extract useful answers from databases containing personal information and, at the same time, offers strong individual privacy protections. Explore how Differential Privacy works; download the new white paper entitled, "Differential Privacy for Everyone".

Microsoft Security Bulletin Summary for Dec, 2012

http://technet.microsoft.com/en-us/security/bulletin/ms12-dec

Security Bulletin Overview for Dec 2012

Microsoft Security Response Center (MSRC) Blog Post http://go.microsoft.com/?linkid=9683067

Windows Media Video (WMV) http://go.microsoft.com/?linkid=9683068

Windows Media Audio (WMA) http://go.microsoft.com/?linkid=9683069

iPod Video (MP4) http://go.microsoft.com/?linkid=9683070

MP3 Audio http://go.microsoft.com/?linkid=9683071

High Quality WMV (2.5 Mbps) http://go.microsoft.com/?linkid=9683072

Zune Video (WMV) http://go.microsoft.com/?linkid=9683073

Microsoft Product Lifecycle Information

Find information about your particular products on the Microsoft Product Lifecycle Web site http://go.microsoft.com/?linkid=9669804

See a List of Supported Service Packs http://go.microsoft.com/?linkid=9669805

Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.

Follow the Microsoft Security Response team on Twitter http://go.microsoft.com/?linkid=9739346 @MSFTSecResponse for the latest information on the threat landscape.

Forefront Threat Management Gateway 2010

Forefront Security TechCenter

http://technet.microsoft.com/en-gb/forefront/default.aspx

Please note that if you have feedback on documentation or wish to request new documents - email isadocs@microsoft.com

Forefront Threat Management Gateway 2010 homepage

http://technet.microsoft.com/en-gb/forefront/ee807302.aspx

Forefront TMG (ISA Server) Product Team Blog

The ISA Server Product Team Blog (http://blogs.technet.com/isablog/) is updated on a regular basis. Latest entries include:

Using the Account Lockout Feature in TMG 2010

http://blogs.technet.com/b/isablog/archive/2012/11/01/using-the-account-lockout-feature-in-tmg-2010.aspx

Setting up TMG 2010 Where EMS is a Domain Member and Array Servers are in a Workgroup

http://blogs.technet.com/b/isablog/archive/2012/11/01/setting-up-tmg-2010-where-ems-is-a-domain-member-and-array-servers-are-in-a-workgroup.aspx

How to determine if a client request contains a Multi-Line Header

http://blogs.technet.com/b/isablog/archive/2012/11/13/how-to-determine-if-a-client-request-contains-a-multi-line-header.aspx

How to implement PEAP-MSCHAPv2 as authentication method for VPN connections in TMG 2010

http://blogs.technet.com/b/isablog/archive/2012/12/11/how-to-implement-peap-mschapv2-as-authentication-method-for-vpn-connections-in-tmg-2010.aspx

Other TechNet Blogs

Data analysis with TMG data packager.

http://blogs.technet.com/b/sooraj-sec/archive/2012/11/07/data-analysis-using-with-tmg-data-packager.aspx

TMG services hang at startup due to third party service.

http://blogs.technet.com/b/sooraj-sec/archive/2012/12/12/tmg-services-hang-at-startup-due-to-third-party-service.aspx

Forefront Unified Access Gateway 2010

Forefront Unified Access Gateway 2010 Technical Resources

http://technet.microsoft.com/en-gb/forefront/edgesecurity/ee907407.aspx

For comments, feedback, and requests, contact the Forefront UAG User Assistance team at uagdocs@microsoft.com.

Forefront Unified Access Gateway Product Team Blog

The UAG Product Team Blog (http://blogs.technet.com/edgeaccessblog) is updated on a regular basis. Latest entries include:

UAG 2010 Service Pack 3 is in the works

http://blogs.technet.com/b/edgeaccessblog/archive/2012/11/26/uag-2010-service-pack-3-is-in-the-works.aspx

UAG published website is not fully rendered

http://blogs.technet.com/b/edgeaccessblog/archive/2012/11/27/uag-published-website-is-not-fully-rendered.aspx

Other TechNet Blogs

UAG Error Codes

http://blogs.technet.com/b/ben/archive/2012/11/06/uag-error-codes.aspx

UAG support for Windows 8…and other new tech

http://blogs.technet.com/b/ben/archive/2012/11/29/uag-support-for-windows-8-and-other-new-tech.aspx

The UAG Video course is out!

http://blogs.technet.com/b/ben/archive/2012/12/04/the-uag-video-course-is-out.aspx

Forefront Edge on the Wiki

The home of community-generated content about Microsoft technologies — that anyone can edit! Read the latest wiki articles about TMG and UAG.

TMG - http://social.technet.microsoft.com/wiki/contents/articles/tags/tmg/default.aspx.

UAG - http://social.technet.microsoft.com/wiki/contents/articles/tags/UAG/default.aspx

The latest entries include:

ISA /TMG server returned a response code of 400 (BAD REQUEST)

http://social.technet.microsoft.com/wiki/contents/articles/14395.isa-tmg-server-returned-a-response-code-of-400-bad-request.aspx

Forefront UAG DirectAccess: Application Compatibility Table (en-US)

http://social.technet.microsoft.com/wiki/contents/articles/2936.forefront-uag-directaccess-application-compatibility-table-en-us.aspx

Documents

Security Tip of the Month: Kicking the Virtual Tires of a Cloud Provider
Evaluating a cloud provider needs to be done with care. Learn how to make the evaluation process simpler and easier to ensure that everyone can address the important factors of the cloud selection process.

Understanding Security Account Management in Windows Azure
There are several recommended approaches to security management for applications and services hosted on Windows Azure. Explore these recommendations along with best practices for creating and managing administrative accounts, using certificates for authentication, and handling transitions when employees begin or terminate employment.

Windows Azure Security Best Practices for Developers
Explore this seven–part blog series for a discussion of the challenges involved in designing applications for the cloud and tips on what you can do in your software to insure access to those who should have access and prevent access those who do not.

Security Guidelines for SQL Azure
SQL Azure Database is a cloud database service from Microsoft that provides Web–facing database functionality as a utility service. If you are planning to connect to SQL Azure Database, or if you build secure applications on SQL Azure, make sure to consult these security guidelines.

A Solution for Private Cloud Security
Find a comprehensive explanation of the process for designing and running security for a robust and comprehensive private or hybrid cloud environment.

Five Security Tips for Windows Intune
Learn how to use the security features in Windows Intune, Microsoft’s cloud services solution for PC management and endpoint protection, to implement best practices that can help you better protect your PCs.

Security in Office 365
Get an overview on how Office 365 makes it easy for users and administrators to access and use data and services while following security best practices. For more detailed information on security in Office 365, download the "Office 365 Security and Service Continuity Service Description" available from the Download Center.