Tuesday, May 18, 2010

Microsoft Security Newsletter – May 2010

Security Newsletter
This is a monthly newsletter for IT professionals and developers, bringing security news, guidance, updates, and community resources directly to your inbox. To view an online version of this newsletter, click here or subscribe to the Featured Security and Privacy Content RSS feed to receive more frequent updates on news and featured resources. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
Note from the Editor

Tim Rains

Welcome to May's Security Newsletter! We just released the latest volume of the Microsoft Security Intelligence Report (SIR) focusing on the threats we observed during the second half of 2009. If you are responsible for managing risk for your organization, this report is a must read. It contains data and insights into software vulnerability disclosures and exploits, malware, spam, phishing, SQL injection attacks, and much more. If you are interested in locations outside of the U.S., SIRv8 contains data on 210+ locations, and provides "deep dives" into the threat landscape in 26 different countries and regions.

Among other things, attackers are after your data. Protecting your data, both personal data and your organization's data, and preventing data leakage are key responsibilities for IT professionals. In the SIR, you'll read about some of the top causes of data loss as well as a large section on mitigation strategies for protecting networks, systems, and people. I asked Microsoft's IT department, called MSIT, to write this section for the SIR, knowing that many of you are interested in how Microsoft IT manages the risks associated with the threats you'll read about in the report. You'll also find plenty of other resources on data protection in this month's newsletter.

We hope that you find the latest Microsoft Security Intelligence Report and this newsletter helpful.

Best regards,
Tim Rains, Group Product Manager,
Microsoft Trustworthy Computing


Top Stories
Volume 8 of the SIR provides a comprehensive and unique perspective on malware and potentially unwanted software activity around the world. The report analysis is based on data from over 500 million computers and from some of the Internet's busiest online services in the second half of 2009, and offers information about developing secure software and securing Internet-facing systems from attack.
Microsoft Forefront Protection 2010 for SharePoint prevents malware and out-of-policy content from entering SharePoint libraries using multiple scanning engines from industry-leading partners combined with file and keyword filtering. Download and try it today.
Active Directory Federation Services 2.0 helps IT efficiently deploy and manage new applications, facilitating seamless secure collaboration between organizations with automated federation tools. Download now and receive resources from the experts.
Explore how the Windows Internet Explorer team has applied the SDL to every stage of the software engineering process for Internet Explorer 8.

Security Guidance
Find out how to easily evaluate how well an application and its operating environment stack up against industry privacy and data security best practices and how well they comply with your organization's privacy and data security policies.
Get a step-by-step guide to deploying BitLocker Drive Encryption on computers running Windows 7 Enterprise or Windows 7 Ultimate in a test environment, then move to full-scale deployment with the BitLocker Drive Encryption Deployment Guide.
Get answers to frequently asked questions about system requirements, upgrading, deployment, administration, and many other common topics.
Find tested guidance and powerful tools to help you protect your data using technologies like the Encrypting File System (EFS) and BitLocker Drive Encryption.
Learn how to send a command to a mobile phone that will perform a wipe of that phone. This process, known as a remote device wipe, clears all Exchange information that's stored on the mobile phone. You can use the EMC or the Shell to perform a remote wipe on a mobile phone.
Access a step-by-step guide with instructions on how to configure a federated trust to consume rights-protected content across organizations.
Learn what's new in the next version of System Center Data Protection Manager (DPM), due out in the spring of 2010, including new capabilities for protecting Exchange.
Get community advice on how to automate the task of adding new virtual machines, and protecting them, using Windows PowerShell scripts.
Walk through the process of configuring the data protection (quick mode) settings for connection security rules in an isolated domain or a standalone isolated server zone.
Get some tips for Web surfers, as well as a few tips for developers, on some of the things that can help prevent security threats. Learn about the three security topics that every developer should know about: cross-site scripting defenses, HTML sanitization, and JSON sanitization.

This Month's Security Bulletins

The Business of Security

Effective Practices in Security: A Call to Action
By Herbert H. Thompson, Ph.D., Chief Security Strategist, People Security

A few months ago, Herbert Thompson wrote an article in this newsletter about the need for security practices that were truly effective in the real world. Over the past year, he's had the chance to talk with information security executives at some of the world's largest companies about how they innovate when it comes to security practices. He has now turned those conversations into a series of white papers that focus on how the security community is innovating.


Community/MVP Update

Security MVP of the Month: Dan Griffin
Dan Griffin is the founder of JW Secure, Inc., a Microsoft Gold Certified Partner and provider of custom development services to software companies with security-related products, and Restorify, LLC, a disaster preparedness solution for managed service providers running line of business servers in Hyper-V. Formerly a member of Microsoft's Windows security development team, Dan has published several articles on Windows security software development and is a frequent conference speaker and security blogger.

MVP Article of the Month: Best-Practice Recommendations for Using BitLocker
Learn how BitLocker works with regard to security and data recovery, and how to configure the technology to protect data on mobile and non-mobile assets. Plus, get tips on how to leverage BitLocker as part of your overall compliance and policy enforcement processes.


Microsoft Product Lifecycle Information

Find information about your particular products on the Microsoft Product Lifecycle Web site.

See a List of Supported Service Packs: Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.


Security Events and Training
Learn how to install, configure and deploy the new Microsoft Secure Web Gateway solution using Microsoft Forefront TMG 2010. This new Microsoft Press title was written by engineers from the Forefront Edge Team and covers the security aspects of Forefront TMG 2010 deployment as well as real-life troubleshooting experiences.
June 7-10, New Orleans, LA
More than 65 sessions and labs make up this year's Security, Identity & Access Track. Search the Session Catalog to find the topics and speakers that interest you, and then get registered.

Upcoming Security Webcasts
Upcoming security webcasts in a dynamic, interactive format.
For IT Professionals
Now On Demand
MSDN Webcast: Security Talk: Protecting Your Data from the Application to the Database (Level 300)
Application developers need to be security conscious, not only because applications can be a target of attack, but also because applications can facilitate the further lockdown of the server. In this webcast, Il-Sung Lee and Raul Garcia discuss some of the considerations that both the application developer and the database administrator should consider to help increase data security. Topics include securing the network channel, using proper authentication, new authorization features introduced in Microsoft SQL Server 2005, execution contexts, database encryption, and common errors and problems related to Microsoft SQL Server security.

Security Newsletter
Volume 7, No. 5
May 2010

Security Program Guide
Microsoft SDL - Developer Starter Kit
Security Awareness Materials
Learn Security On the Job
Learning Paths for Security - Microsoft Training References and Resources
Upcoming Chats
View a listing of upcoming technical chats
Security Blogs
Trustworthy Computing Security/Privacy Blogs RSS
Michael Howard RSS
Eric Lippert RSS
Eric Fitzgerald RSS
MSRC Blog RSS
ACE Team RSS
Windows Security RSS
Forefront Team RSS
Solution Accelerators - Security & Compliance RSS
Security Vulnerability Research & Defense RSS
Security Development Lifecycle (SDL) RSS
Security/Privacy Blogs RSS
Security Newsgroups
General Security issues/questions
Virus issues/questions
ISA Server
Windows Vista: Security
SQL Server: Security
Windows Server: Security
Community Web Sites
IT Pro Security Community
Additional Security Resources
Security Help and Support for IT Professionals
TechNet Troubleshooting and Support Page
Microsoft Security Glossary
TechNet Security Center
MSDN Security Developer Center
Sign-Up for the Microsoft Security Notification Service
Security Bulletin Search Page
Microsoft Security Center
Home Users: Protect Your PC
MCSE/MCSA: Security Certifications
Subscribe to TechNet
Register for TechNet Flash IT Newsletter
© 2010 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

This newsletter was sent by the Microsoft Corporation
One Microsoft Way
Redmond, WA, 98052, USA
