Welcome to the Microsoft Security Newsletter - a monthly newsletter for IT professionals and developers bringing security news, guidance, updates, and community resources direct to your inbox. To view an online version of this newsletter, please click here. If you would like to receive less technical security news, guidance and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter. Want to receive more frequent updates on news and featured resources? Subscribe to the Featured Security and Privacy Content RSS feed. Have an idea for a future article, or looking for guidance around a specific topic that you have not seen in this newsletter (or on TechNet or MSDN)? E-mail secaware@microsoft.com. Featured Article | By Jesper M. Johansson, Director, Windows Client Enterprise Security, Microsoft Corporation In the first in an ongoing series, Jesper Johansson discusses the broad and varied challenges faced in the field of Information Security Management and the keys to planning a sound InfoSec strategy. | Top Stories | The latest volume of the Microsoft Security Intelligence Report (SIR) is now available. Providing a comprehensive assessment of the threat landscape during the second half of 2008, the SIR provides the industry's most comprehensive and wide-reaching security analysis. | | Join Microsoft security experts Jeff Jones and Thomas Dawkins as they walk you through the new release of the Microsoft Security Assessment Tool, MSAT 4.0. Once you're familiar with the improvements, check out an in-depth demo on how to use the tool to build your business risk profile, create an assessment of the current security state of your business IT infrastructure, and review specific guidance to strengthen the security of your organization. | | The new Security Compliance Management Toolkit series features updated security guides, the GPOAccelerator tool, and configuration packs to help you establish, deploy, and monitor your Windows and 2007 Microsoft Office System security baselines. Download it today. | Security Guidance | !exploitable (pronounced "bang exploitable") Crash Analyzer is a Windows debugger extension that provides automated crash analysis and security risk assessment. !exploitable Crash Analyzer puts analysis that previously required the help of a security expert into a tool that every developer and tester can use. | | Get valuable guidance, instructions, and recommendations to address your key security concerns around server virtualization. | | Organizations today are facing a rising tide of cyber attacks on their computers and networks. They need a proactive approach to protect their assets and sensitive information against such attacks. This guide provides an easy-to-understand method that enables you to develop threat models for your environments and prioritize investments in IT infrastructure security. | | This guide gives you a solid foundation for designing, building, and configuring secure ASP.NET Web applications. Whether you have existing applications or are building new ones, you can apply the guidance to help you make sure that your Web applications are hack-resilient. | | Securability refers to the ability to provide security to an application and its data. Numerous design choices impact the securability of an application. The documentation in this section covers several aspects of choosing a security model for a distributed application created using ASP.NET including authentication, impersonation, and process identity. | | Learn about the security features in Internet Information Services (IIS) 7.0 and their benefits, and then get step-by-step guidance to configure them. | This Month's Security Bulletins Critical: Important: Moderate: | Get the information you need to help protect your systems from the Conficker Worm or to recover systems that have been infected. | Community / MVP Update | Rudolph Araujo is a Technical Director at Foundstone, where he is responsible for creating and delivering the threat modeling and security code review service lines. Rudolph has many years of software development experience on both UNIX and Windows environments and is a contributor to many online and print journals such as Software Magazine, where he writes a column on Writing Secure Code. | | The lack of data validation in Web applications has gone beyond just being a problem with a single application -- it now has an impact on entire organizations and the larger Internet community. This article discusses some of the key strategies that are effective and efficient at helping software developers validate data within their Web applications. It also provides specific examples in Microsoft ASP.NET of how much of this validation can be achieved for "free" by taking advantage of features in the framework. | Microsoft Product Lifecycle Information Security Events and Training | This month's learning path to will help you learn to address your needs for a high level of control over content and site management, with the ability to offer people more flexibility and to encourage collaboration, spanning the entire information lifecycle. | | Take a three-day instructor-led course that teaches you how to deploy Forefront security products. | Upcoming Security Webcasts | Thursday, April 16, 11:00 AM Pacific Time Mike Ziock, Senior Director Operations, Business Online Services, Microsoft Corporation | | Find out about upcoming security webcasts using a dynamic, interactive format. | For IT Professionals For Developers Microsoft On-Demand Webcasts • | | • | | • | MSDN Webcast: More Secure Online Services Powered by the Microsoft Security Development Lifecycle (Level 300) In this webcast, we demonstrate the most common and most dangerous threats to online services, and we describe the coding procedures and tools required by the Microsoft Security Development Lifecycle (SDL) to mitigate or defeat these threats. Additionally, we discuss some strategies on how to implement the SDL successfully in the fast-paced environment of online services on the Internet, in which development teams can literally be delivering new versions of their products every single day. | | | | Volume 6, No. 4 April 2009 | Additional Security Resources | | | © 2009 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Azure, Forefront, Hyper-V, MSDN, SharePoint, Visual Studio, Windows, and Windows Mobile are trademarks of the Microsoft group of companies. To cancel your subscription to this newsletter, reply to this message with the word UNSUBSCRIBE in the Subject line. You can also unsubscribe at http://www.microsoft.com/info/unsubscribe.htm. You can manage all your Microsoft.com communication preferences at this site. Legal Information. This newsletter was sent by the Microsoft Corporation One Microsoft Way Redmond, Washington, USA 98052 | | | |