| | | Trustworthy Computing | June 2013 |  | | Microsoft Security Newsletter | | | | | | | | Welcome to June’s Security Newsletter! | This month our newsletter focuses on security tools. A good tool can save a lot of work, frustration, and time for IT professionals and developers who are responsible for deploying, managing or developing software. Tools can mean the difference between getting home on time and working late into the evening on a frustrating problem. Tools can also be the difference between looking competent on the job or not. Microsoft provides a number of free security tools, several of which you can learn about in Microsoft’s Free Security Tools Summary.
This month, Microsoft released version four of the Enhanced Mitigation Experience Toolkit (EMET). EMET is a free mitigation tool designed to help IT pros and developers prevent vulnerabilities in software from being successfully exploited. The tool works by protecting applications via the latest security mitigation technologies built into Windows, even in cases where the developer of the application didn’t opt to do this themselves. By doing so, it enables a wide variety of software to be made significantly more resistant to exploitation—even against zero-day vulnerabilities and vulnerabilities for which an update has not yet been applied. This can also give organizations more time to test and deploy security updates for vulnerable software. EMET 4.0 incorporates a number of new enhancements including protections against public key infrastructure (PKI) attacks, and hardened return-oriented programming (ROP) mitigations. It is also designed to work with our latest technologies such as Internet Explorer 10 and Windows 8. I encourage you to read my blog post for more information on EMET 4.0 and download the toolkit.
Finally, we are always looking to evolve this newsletter to make it more relevant and actionable for you, our valued subscribers. Have a suggestion on how we can improve? Email us at secnlfb@microsoft.com and share your ideas.
|  | | Best regards,
Tim Rains, Director
Microsoft Trustworthy Computing | | |  | | Top Stories |  |  | | | Announcing the Microsoft Bounty Programs
Microsoft recently launched three new bounty programs that will pay researchers for techniques that bypass built-in OS mitigations and protections, for defenses that stop those bypasses, and for vulnerabilities in Internet Explorer 11 Preview. Explore the requirements for each program and find out how you can get involved.
The Importance of Smartphone Security
As smartphones have become an increasingly common extension for desktop computing devices, with end users configuring their personal smartphones to access company information, IT professionals often struggle with how to manage the protection of corporate data. Learn how Microsoft employs its Security Development Lifecycle (SDL) to design security defenses for Windows Phone 8 then download the Windows Phone 8 Security Overview for more details.
Rise of the Social Bots
Cases of malware stealing passwords, spreading, and posting malicious links through social media networks are on the rise. Many malware authors target browsers to easily intercept and manipulate data at the origin, to avoid dealing with secure protocol (such as HTTP) once data leaves a user’s system. Learn more about this increasing trend in malware, how it works, and why end user education is important in keeping social bots at bay. | | | | Security Guidance | | | | | Security Tip of the Month: Threat Mitigation with EMET 4.0
EMET 4.0 offers improvements and new features based on Microsoft customer feedback and the new attacks today’s IT ecosystem has faced over the last couple years. Explore the new features and learn how to best utilize EMET 4.0 as part of your overall security toolbox.
Getting Started with Microsoft Security Compliance Manager
Download Microsoft Security Compliance Manager (SCM) and benefit from a free tool designed to help you quickly configure and manage your desktops, traditional datacenter, and private cloud using Group Policy and System Center Configuration Manager. Need help with SCM? Visit the SCM Forum on TechNet.
Getting Started with System Center Essentials 2010
System Center Essentials 2010 is a management solution designed to help the IT system administrator in a medium-sized organization (up to 50 servers and 500 clients) easily secure, update, monitor, and track their entire IT environment. Find out how to use Essentials 2010 to manage computers and devices, and simplify update management. You can also download a 180-day trial to test the solution for yourself.
Cloud Security Readiness Tool
Take a short survey that assesses your current IT environment with regard to systems, processes, and productivity. The Cloud Security Readiness Tool creates a custom non-commercial report that provides recommendations on your IT state and helps you evaluate the benefits of cloud computing. Take the survey then view the latest report, which is based on data collected by the tool from October 2012 to March 2013.
Microsoft Baseline Security Analyzer
Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed to help small and medium-sized businesses determine their security state in accordance with Microsoft security recommendations, and offer specific remediation guidance. It is a standalone security and vulnerability scanner designed to provide a streamlined method for identifying common security misconfigurations and missing security updates. Learn which versions of Windows and Office are currently supported, get answers to frequently asked questions, and get support in the MBSA Forum on TechNet.
Malicious Software Removal Tool
This tool checks computers running Windows 8, Windows Server 2012, Windows 7, Windows Vista, Windows Server 2003, Windows Server 2008, or Windows XP for infection from specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infections if found. Microsoft releases updated version of this tool on the second Tuesday of each month. Learn how the Malicious Software Removal Tool differs from an antivirus product, how to download and run the tool, and how the tool reacts when it detects malicious software in this Microsoft KB article. Looking to deploy MSRT in an enterprise environment? Read these instructions.
Microsoft SDL Tools
Microsoft Security Development Lifecycle (SDL) tools help you more effectively perform SDL-related security activities. This easy-to-use guide enables you to click on each phase of the lifecycle for tools specific to that phase. From process templates and design tools to analyzers and fuzzers, these tools will help you include security as a core component in your software development process and, thus, reduce the risk of costly issues, improve the security and privacy of your applications, and protect both enterprise data and your reputation.
Sysinternals Security Utilities
Scan your system for rootkit-based malware; see who access to directories, files, and registry keys on your systems; securely overwrite sensitive files; and more with free utilities from Windows Sysinternals. Whether you’re an IT pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows systems and applications.
Windows Server 2012 Security from End to Edge and Beyond
Learn how to architect, design, plan, and deploy Microsoft security technologies for Windows 8 and Windows Server 2012 in the enterprise. This book covers security technologies that apply to both client and server and enables you to identify and deploy Windows 8 security features based on different business and deployment scenarios. Available now, this book is a key resource for learning how to secure Windows 8 with regard to core, endpoint, and anywhere access.
| | | | Cloud Security Corner | | | | | Resilience by Design for Cloud Services
Download a paper exploring Resiliency Modeling and Analysis (RMA), a methodology for improving resiliency adapted from the industry-standard technique known as Failure Mode and Effects Analysis (FMEA), and provides guidance for implementation.
| | | | This Month’s Security Bulletins | | | | | Microsoft Security Bulletin Summary for June 2013
| | June 2013 Security Bulletin Resources:
| | | | Security Events and Training | | | | | TechNet Webcast: Information about the July 2013 Security Bulletin Release
Wednesday, July 10, 2013
Join this webcast for a brief overview of the technical details of July’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.
| | | | | | | | | | | | | microsoft.com/about/twc | Trustworthy Computing | | | | | | This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
© 2013 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Microsoft respects your privacy. To learn more please read our online Privacy Statement.
If you would prefer to no longer receive this newsletter, please click here.
To set your contact preferences for other Microsoft communications click here.
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052 USA | | | | | | | |
