This is a monthly newsletter for IT professionals and developers-bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter. | | Note from the Editor
|  Welcome to July's Security Newsletter! If you are an IT professional who holds some responsibility for security and privacy within your organization, you are probably already aware of the importance of keeping all of your software up to date. If you aren't, you need to look at the data in the latest Microsoft Security Intelligence Report on vulnerability disclosures across the entire software industry. One look at the data should be enough to convince you that all your software vendors should be giving you security updates for their products.
Whether your organization purchases software from an independent software vendor (ISV) or develops software in-house, you'll want software that has been developed with a security assurance process that helps to reduce the number and severity of security vulnerabilities. The security assurance process we use at Microsoft is called the Security Development Lifecycle (SDL). For example, Microsoft Office 2010 that was recently released was developed using the SDL; this video will provide you with an overview of how the SDL helped improve Office 2010 security.
If you are interested in learning more about the SDL and how your organization can leverage it, check out this video that will quickly bring you up to speed and, of course, the SDL website.
Also, if you aren't already aware, Microsoft is sponsoring the Black Hat Security Conference in Las Vegas again, where we have several speakers talking about technical security issues. I hope to see you there!
Best regards,
Tim Rains, Group Product Manager,
Microsoft Trustworthy Computing
Follow the Microsoft Security Response team on Twitter @MSFTSecResponse for the latest information on the threat landscape. | |
| | Forefront Endpoint Protection (FEP) 2010 Beta is now available for download. FEP, the next generation release of Forefront Client Security, will simplify and improve endpoint protection while greatly reducing infrastructure costs. It builds on System Center Configuration Manager 2007 R2, enabling you to use the existing client management infrastructure to deploy and manage endpoint protection. Learn more on the Forefront Endpoint Security Blog then download the Beta to try the new release. | | Windows 7 and Windows Server 2008 R2 SP1 Beta helps keep your PCs and servers on the latest support level, provides ongoing improvements to the Windows Operating System (OS), by including previous updates delivered over Windows Update as well as continuing incremental updates to the Windows 7 and Windows Server 2008 R2 platforms based on customer and partner feedback | | Start securing your desktop infrastructure by utilizing the MAP Toolkit for PC Security. Assess the virus and spyware vulnerability of your client infrastructure and evaluate its readiness for Forefront Client Security and NAP migration. MAP 5.0 also includes software usage tracking to simplify license management and compliance assessment, and a Windows 2000 Server Migration Assessment. | | Threat modeling is a core component of the design phase in the Microsoft SDL. The EoP Card Game can help you better understand threat modeling and examine possible threats to software and computer systems such as spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege. Test your knowledge and challenge other developers. | |
| | | Explore the reasons why home (non-domain) users and those who use enterprise (domain-joined) computers face different vulnerabilities then find a selection of best practices and solutions that should be considered to help protect your users. | | Quickly find answers to common questions about SP1 Beta such as language availability, installation, and expiration. | | Are you a software designer, architect, developer, or tester interested in secure cloud computing solutions? Download this paper to learn about the challenges and recommended approaches to design and develop more secure applications for Microsoft's Windows Azure platform. Get an overview of Windows Azure security-related platform services as well as best practices for secure design, development, and deployment. | | Get information to help you plan for a secure desktop configuration for Office 2010, including insight into which security risks and threats are relevant to Office 2010, and which might pose a risk to an organization's business assets or processes. | | From a complete introduction to specific tips on customization, shortcut keys, and running Windows PowerShell scripts, this guide will help you get familiar with Windows PowerShell and use it like a pro in no time. | |
| | This Month's Security Bulletins | Security Bulletin Overview for July 2010 | |
| | Microsoft Product Lifecycle Information |
| | Security Events and Training | Learn about Microsoft Forefront Endpoint Protection 2010 and watch in-depth technical demonstrations of Forefront Threat Management Gateway (TMG), Unified Access Gateway (UAG) and related solutions. | Dive deep into technical demonstrations of the secure messaging, information protection, secure collaboration, and identity and access management solutions that comprise Microsoft Forefront's Business Ready Security strategy. | | Get familiar with Microsoft SharePoint 2010 security architecture. The video will show you how to configure user access and the basics of claims-based authentication. | |
| | Upcoming Security Webcasts | Upcoming security webcasts in a dynamic, interactive format. | | For IT Professionals | | Now On Demand | • | | | • | | | • | TechNet Webcast: Best Practices for Deploying a Microsoft Secure Collaboration Solution (Level 300) Hear from an expert partner about real-world deep dive scenarios and best practices for deploying Microsoft's Secure Collaboration Solution, including Active Directory Rights Management Services, Forefront Protection 2010 for SharePoint, Active Directory Federation Services, and Forefront Unified Access Gateway 2010. Also learn how they enable more secure business collaboration from virtually anywhere, while preventing unauthorized use of confidential information. | | |
| |  | July 2010 Edition  | | Additional Security Resources | | | © 2010 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. To cancel your subscription to this newsletter, reply to this message with the word UNSUBSCRIBE in the Subject line. You can also unsubscribe at http://www.microsoft.com/info/unsubscribe.htm. You can manage all your Microsoft.com communication preferences at this site. Legal Information. This newsletter was sent by the Microsoft Corporation One Microsoft Way Redmond, WA, 98052, USA | | | | |
