NOTE FROM THE EDITOR
Welcome to August's Security Newsletter! Recently the Microsoft Security Response Center (MSRC) released a bevy of fresh new content and data focused on the progress it has made related to the three programs it announced two years ago: the Microsoft Active Protections Program (MAPP), the Microsoft Exploitability Index, and the Microsoft Security Vulnerability Research (MSVR) program.
For example, did you know that as of June 2010, MAPP consisted of 65 companies, including vendors based in North America, Europe, the Middle East, and Asia? During late 2009 and early 2010, MAPP membership grew especially strongly in Asia. Do you know if your antivirus (AV) or intrusion detection/prevention systems (IDS/IPS) vendor is a MAPP partner and receiving vulnerability information earlier than the "bad guys"? Click here and find out.
Another new resource I'd like to draw your attention to is a whitepaper entitled "Vulnerability Management at Microsoft." If you are an IT pro or security professional responsible for helping to protect your organization's network infrastructure and data, and you'd like to understand more about the specific engineering processes Microsoft uses to release security updates, this is required reading. Have you ever wondered where the most time and effort is spent as Microsoft develops security updates? This paper provides you with some good insight into this and other related topics. For a closer look at the activities of the MSVR program, click here.
If you explore any of the content I mention above, you might also notice the recent improvements to the MSRC website including a new video on the home page that will help you understand the inner workings of the MSRC. With all of this new content, plus the Office 2010 security guidance featured below, you'll have plenty to catch up on before September's newsletter!
Best regards, Tim Rains, Group Product Manager, Microsoft Trustworthy Computing
Follow the Microsoft Security Response team on Twitter @MSFTSecResponse for the latest information on the threat landscape.
Microsoft Security Response Center Progress Report
Get the latest information from the Microsoft Security Response Center on the progress of three initiatives that share information to foster deeper industry collaboration, increase community-based defenses, and better protect customers.

Join the Security Compliance Manager Beta 2 Program
Preview this new security baseline, and gain knowledge to help you more effectively deploy and monitor your security baseline for Windows Server 2008 R2, Exchange 2007, Office 2010, SQL Server 2008, and SQL Server 2008 R2 as well as setting packs for Windows 7 and Internet Explorer 8.

TechNet Wiki Spotlight: Enforcing Security Compliance with Group Policy
Enforcing security compliance on application servers can be a complex and tedious process. Explore best practices that could assist enterprises that utilize many different applications.

Also from the TechNet Wiki:
Search Federation Security in Microsoft Office SharePoint Server 2007
Explore security best practices for the federation feature of Microsoft Office SharePoint Server 2007. Federation is a feature that first appeared in Search Server 2008 and is made available to Office SharePoint Server 2007 by installing the Infrastructure Update for Microsoft Office Servers. Federated search enables end users to issue one query that can query one or more search engines that are compliant with OpenSearch 1.1 and display results from each search engine in a separate Web part on a single search results page.

Take a Fun and Informative Cloud Quiz
What kind of cloud are you? Take a short quiz to find out how Microsoft cloud services can help you offload commodity workloads, manage security capabilities and "shadow" IT applications, and maintain compliance with industry regulations.

Managing the Cloud with Windows Intune
Windows Intune is a new cloud-based PC management solution that can help you keep your organization's PCs secure, updated and manageable no matter where they're located. This TechNet Magazine article goes into detail on each workspace that is available and the benefits it provides, and then delves into the technical architecture of Windows Intune. Want to learn more about Windows Intune? Check out the Windows Intune resource page on TechNet.

Microsoft Trustworthy Computing: Job Listings
Today, Trustworthy Computing is a core corporate value at Microsoft, guiding almost everything we do. It is about more than just addressing today's challenges. Explore the jobs currently available with the Microsoft Trustworthy Computing team and join us in our efforts to ensure that the innovations people will rely on tomorrow are designed from the very beginning to be reliable and secure, respectful of their privacy, and supported by trustworthy and responsive companies.

Security Talk: Using the Microsoft Security Intelligence Report v8
Take a comprehensive look at vulnerabilities, exploits, malware, and the threat landscape as determined by Microsoft security experts, including analysis and recommendations based on data input from over 500 million computers worldwide. In this video, you'll also explore action-focused strategies, mitigations, and countermeasures that can help you understand how you can protect your organization's IT investments. A podcast version of this video is also available.

For IT Professionals For Developers

Now On Demand - Security Talk Podcast: File Fuzzing for Fun and Profit
Fuzzing is the most commonly used method for finding security flaws in software, but fuzzing can also be used by development teams to find and fix security holes before deployment. Learn how file fuzzing works, and how to do file fuzzing practically using both homemade and commercially available tools. We show you how to generate the input and automate the testing process. We also discuss the feasibility of covering entire search spaces and the various aspects and trade-offs of choosing different attack vectors.

Interactive Security Webcast Calendar
Upcoming security webcasts in a dynamic, interactive format.

This is a monthly newsletter for IT professionals and developers, bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
© 2010 Microsoft Corporation. All rights reserved.