Wednesday, June 29, 2011

Microsoft Security Newsletter – June 2011


NOTE FROM THE EDITOR

Welcome to June's Security Newsletter!

Some of the most prevalent malware threats over the past couple of years have used a feature in Windows called Autorun to infect systems. The top families of threats that use this technique include Win32/Taterf, Win32/Rimecud, Win32/Conficker, and Win32/Autorun. If you have been using the Microsoft Security Intelligence Report as a source of information on threats, you'll likely recognize this list of "usual suspects" and know that many of them can copy themselves to removable or network drives, and attempt to spread when the removable drive is attached, or the network drive is visited from a remote system supporting the Autorun feature.

To combat these threats Microsoft has taken several steps to help protect customers, including releasing updates for the Windows XP and Windows Vista platforms to make the Autorun feature more locked-down, as it is by default on Windows 7.

The Microsoft Malware Protection Center (MMPC) just released new findings of a study they did on how effective these efforts have been. I'm happy to report that the infection rates of Autorun-abusing malware on Windows XP and Windows Vista went down significantly; by May of 2011, the number of infections found by the Malicious Software Removal Tool (MSRT) per scanned computer was reduced by 59% on Windows XP and by 74% on Windows Vista in comparison to the 2010 infection rates. There were even steeper reductions in these infection rates on systems running the latest service packs.

You can read the details and other findings of the study in this MMPC blog post.

With data supporting the effectiveness of this mitigation, the clear call to action for IT Professionals and Security Professionals is to evaluate whether you already have the updates for the Autorun feature deployed in your Windows XP and Windows Vista environments and if not, assess if you can deploy them. More details on the updates themselves are available on this Microsoft Security Response Center (MSRC) blog post.

Best regards,
Tim Rains, Director, Product Management, Microsoft Trustworthy Computing

Follow the Microsoft Security Response team on Twitter @MSFTSecResponse for the latest information on the threat landscape.
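An added example, not from the newsletter or from Microsoft: a PowerShell audit that reports, for one Windows host, whether the Autorun update is installed and how the NoDriveTypeAutoRun policy is set, so the call to action above can be checked before planning a deployment. The registry value names come from documented Windows policy settings rather than from this page, and the KB article id is a placeholder to be replaced with the one given in the MSRC post.

```powershell
# Added example (not from the newsletter). Audits a host's Autorun hardening.
# Assumptions, from documented Windows behaviour rather than this page:
#  - the Autorun update sets HonorAutorunSetting=1 under the HKLM Explorer
#    policy key so that NoDriveTypeAutoRun is honoured consistently;
#  - NoDriveTypeAutoRun is a bitmask of drive types with Autorun disabled
#    (0x04 = removable, 0x10 = network, 0x20 = CD-ROM, 0xFF = all types).
# $autorunKb is a placeholder; substitute the KB id from the MSRC post.

$policyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
$autorunKb = 'KBxxxxxx'   # placeholder for the Autorun update's KB article id

function Get-RegistryDword {
    param([string]$Path, [string]$Name)
    # Returns the DWORD value, or $null when the key or value is absent.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

$report = [ordered]@{}

# 1. Is the Autorun update itself present in the installed-hotfix list?
$report['AutorunUpdateInstalled'] =
    [bool](Get-HotFix -Id $autorunKb -ErrorAction SilentlyContinue)

# 2. Has HonorAutorunSetting been set (by the update or by an administrator)?
$report['HonorAutorunSetting'] = Get-RegistryDword $policyKeys[0] 'HonorAutorunSetting'

# 3. Decode NoDriveTypeAutoRun at machine and user scope. The threats named
#    in the editor's note spread via removable (0x04) and network (0x10) drives.
foreach ($key in $policyKeys) {
    $value = Get-RegistryDword $key 'NoDriveTypeAutoRun'
    $scope = if ($key -like 'HKLM:*') { 'Machine' } else { 'User' }
    if ($null -eq $value) {
        $report["NoDriveTypeAutoRun($scope)"] = 'not set'
        continue
    }
    $report["NoDriveTypeAutoRun($scope)"] = '0x{0:X2}' -f $value
    $report["RemovableBlocked($scope)"]   = ($value -band 0x04) -ne 0
    $report["NetworkBlocked($scope)"]     = ($value -band 0x10) -ne 0
}

[pscustomobject]$report | Format-List
```

Run it in an elevated session on a sample of Windows XP and Windows Vista hosts; a result of "not set" or an unblocked removable/network bit is the case the editor's note asks you to assess.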



June 2011 Edition

IN THIS ISSUE

Top Stories
Security Guidance
Community/MVP Update
Cloud Security Corner
This Month's Security Bulletins
Microsoft Product Lifecycle Information
Security Events and Training
Upcoming Security Webcasts

Consumerization of IT and Sophistication of Attacks
When employees take their laptops home, do they pose a risk to your network when they bring them back? What kinds of exploits should you watch out for? In this webcast, you can explore how cybercriminals use marketing-like tactics to lure their victims, learn about the potential impact to your organization, and get guidance on how to stay protected.

Social Engineering Threat Trends in 2010
Interested in learning how social networking has affected the way cybercriminals work? According to Microsoft's Security Intelligence Report, Volume 10, social networking has become one of the most common ways attackers lure their victims. Watch this short video to learn more about the emerging social engineering threats and get guidance on how you can protect yourself.

Rogue Security Software: "Scamming for Money"
Rogue security software, sometimes referred to as scareware, is software that appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure users into participating in fraudulent transactions. In 2010, Microsoft cleaned almost 19 million infected systems with rogue security software. This video discusses the latest Rogue Security Software findings from the Microsoft Security Intelligence Report Volume 10 and provides recommendations to help you prevent rogues.

Security Tip of the Month: Prioritizing Microsoft Security Update Deployment Using Severity Ratings and the Updated Exploitability Index
Microsoft has established a predictable process for releasing security updates on the second Tuesday of each month. Each security update carries two pieces of information that help with the prioritization process: the severity rating and the Exploitability Index. Explore each of these items in detail and learn how, taken separately, each gives an indication of the risk of a vulnerability being exploited while, taken together, both can add a new dimension of information that can help with prioritization decisions.

Microsoft Security Update Guide, Second Edition
Get in-depth information and tools that can help you protect your IT infrastructure while creating a safer, more secure computing and Internet environment. This guide is designed to help you better understand and maximize Microsoft security update release information, processes, communications, and tools.

How to Remove the Trojan Win32/FakePav
Watch a short demonstration of how Win32/FakePav infects an unprotected computer, and find out how to remove the trojan.

Behind the Curtain of Second Tuesdays: Challenges in Software Security Response
This presentation discloses some of the challenges seen by the MSRC in addressing modern vulnerabilities. As SDL weeded out the simple buffer overflow, vulnerabilities have become more complex in nature and thus more challenging to address. The goal is to provide insight into Microsoft's techniques and processes in responding to these challenges and to provide lessons learned to other organizations in similar situations.

Microsoft Security Compliance Manager
Download this free tool offering centralized security baseline management features, a baseline portfolio, customization capabilities, and security baseline export flexibility to accelerate your organization's ability to efficiently manage the security and compliance process for the most widely used Microsoft technologies.

Security Compliance as an Engineering Discipline
As a result of requirements like the Payment Card Industry Data Security Standard (PCI-DSS), some organizations are building comprehensive application security programs for the first time. Learn how to harmonize compliance-focused programs with security engineering by integrating secure engineering practices into the entire software lifecycle with the Microsoft Security Development Lifecycle (SDL).


Summer Viewing: Highlights from BlueHat v10

Nine Trends Affecting the Future of Exploitation
Explore nine trends that will affect exploitation over the next decade. A number of technological, social, and environmental trends will change the world of exploitation as we've known it in the 2000s. This holds lessons for defenders, attackers, and the customers caught in the middle alike.

Everybody Be Cool This Is a ROPpery
Return-oriented programming is one of the most advanced attack techniques available today. This talk presents algorithms that allow an attacker to search for and compose gadgets regardless of the underlying architecture using the REIL meta language. We show a return-oriented compiler for the ARM architecture as a proof-of-concept implementation of the algorithms developed and discuss applications for the iPhone iOS platform.

Browser Hacks, Design Flaws, & Opt-In Security
There are a number of design flaws that plague browsers, and the challenge in fixing them tends to be the unwillingness to "break the Web." This puts security designers in the position of making security opt-in choices, and few if any developers and users do because they don't know the real risks. Time to explore these issues in a bit deeper context to see what might be done.


MSDN Video: Windows Azure Platform Security Essentials: Module 1 – Security Architecture (Level 300)
Find out about the security features of the Windows Azure platform, resources available to protect applications and data running on the Microsoft cloud and SQL Azure security and authentication options.

MSDN Video: Windows Azure Platform Security Essentials: Module 2 – Identity Access Management (Level 200)
Explore the use of claims-based authentication to allow Active Directory and other on-premises identity providers to be used by Azure applications.

MSDN Video: Windows Azure Platform Security Essentials: Module 3 – Storage Access (Level 200)
Learn about the various options for controlling access to information stored in Windows Azure Storage or in SQL Azure.

MSDN Video: Windows Azure Platform Security Essentials: Module 4 – Secure Development (Level 200)
Familiarize yourself with proven best practices for designing and deploying secure applications on the Azure platform.

Critical:
• MS11-038: Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
• MS11-039: Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)
• MS11-040: Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)
• MS11-041: Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
• MS11-042: Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
• MS11-043: Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
• MS11-044: Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
• MS11-050: Cumulative Security Update for Internet Explorer (2530548)
• MS11-052: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)

Important:
• MS11-037: Vulnerability in MHTML Could Allow Information Disclosure (2544893)
• MS11-045: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
• MS11-046: Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
• MS11-047: Vulnerability in Hyper-V Could Allow Denial of Service (2525835)
• MS11-048: Vulnerability in SMB Server Could Allow Denial of Service (2536275)
• MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
• MS11-051: Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)

Security Bulletin Overview for June 2011

Reminder: Windows Vista Service Pack 1 End of Support
Windows Vista Service Pack 1 will reach the end of support on July 12, 2011. From that date onward, Microsoft will no longer provide support or free security updates for Windows Vista SP1. To remain secure and supported, you must upgrade to Service Pack 2 (SP2).

Find information about your particular products on the Microsoft Product Lifecycle Web site.

TechNet Virtual Lab: Forefront Endpoint Protection: Policy and Update Management

After completing this lab, you will be better able to use ConfigMgr to create and deploy FEP policy to computers managed by ConfigMgr, and use the server-role policy templates and FEP Group Policy tool to populate Group Policy Objects with FEP settings for computers that are not yet managed by ConfigMgr.

For IT Professionals Now on Demand

TechNet Webcast: Forefront Endpoint Protection 2010 and System Center Configuration Manager (Level 200)
The disciplines of system management and security can be considered two sides of the same IT coin when it comes to endpoints. System management ensures that systems are configured, patched, and operating correctly, and security keeps threats and vulnerabilities from compromising the system. The upcoming release of Microsoft Forefront Endpoint Protection 2010 is built on Microsoft System Center Configuration Manager to deliver high levels of protection and productivity. Join this webcast to get an overview of what you can expect from this convergence of security and management.

MSDN Webcast: Security Talk: Threat Model Express (Level 200)
As a core element of the design phase of the Microsoft Security Development Lifecycle (SDL), threat modeling helps software architects identify and mitigate potential security issues early. Although the benefits of threat modeling at the design phase are well documented and tools are available to automate this technique, some organizations aren't able to perform it due to time constraints. To help any organization bring threat modeling into its development projects, learn how to create a threat model for web applications using an organization's most valuable resource: its people.

Interactive Security Webcast Calendar
Upcoming security webcasts in a dynamic, interactive format.

This is a monthly newsletter for IT professionals and developers—bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.

© 2011 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
