Friday, December 17, 2010

Microsoft Security Newsletter – December 2010






NOTE FROM THE EDITOR

Season's greetings and welcome to December's Security Newsletter! The focus of this month's newsletter is server security. Whether you manage risk, manage a network, write code, or wear all of these hats, you should have an in-depth understanding of common security issues such as cross-site scripting and SQL injection.

To make this easier, Microsoft's Security Development Lifecycle (SDL) team has started publishing Quick Security References, basic security guides designed to help organizations address common security vulnerabilities. These guides provide separate guidance for several different roles within an organization: business decision makers, architects, developers, and testers/QA personnel all get guidance on common security vulnerabilities, written specifically for their role in language that is meaningful to them. So whether you are a business manager who needs to understand the risk that cross-site scripting poses to a business, or you are a developer who inherited some dubious code that needs to be fixed, Quick Security Reference guides can be useful.

Currently there are three Quick Security References available for download:

Best regards,
Tim Rains, Group Product Manager, Microsoft Trustworthy Computing


Follow the Microsoft Security Response team on Twitter @MSFTSecResponse for the latest information on the threat landscape.



December 2010 Edition

IN THIS ISSUE

•  Top Stories
•  Security Guidance
•  Community/MVP Update
•  Cloud Security Corner
•  This Month's Security Bulletins
•  Microsoft Product Lifecycle Information
•  Security Events and Training
•  Upcoming Security Webcasts
SECURITY PROGRAM GUIDE

•  Microsoft SDL - Developer Starter Kit
•  Security Awareness Materials
•  Learn Security On the Job

Security Intelligence Report Video Series, On the Spot - Paris
Watch as Bernard Ourghanlian, National Technology Officer and Chief Security Officer for Microsoft France discusses the Security Intelligence Report v9 and the most prevalent threats in France with Vinny Gullotto, Microsoft Engineering General Manager for the Microsoft Malware Protection Center (MMPC).

New Version of Microsoft Security Compliance Manager (SCM) Now Available
Now updated to work reliably behind corporate proxy servers, Microsoft SCM v.1.1.2 also features security baselines for Windows 7, Microsoft Office 2010, Windows Server 2008 R2, and Windows Internet Explorer 8. Download the latest version of this free tool and start moving toward more effective security and compliance processes for some of the most widely-used Microsoft products.

Join the SCM Community on the New TechNet Wiki
Looking for the latest info on SCM? Check out the new SCM Wiki, and keep current with SCM through continuously updated content including an FAQ, getting started materials, baseline download help, release notes, and more.

Security Tip of the Month: Using the Enhanced Mitigation Experience Toolkit to Safeguard Against Zero Days
There have been a number of zero-day vulnerabilities circulating around the Internet recently. Find out how the Enhanced Mitigation Experience Toolkit (EMET) can help you manage security mitigations for your systems.

Maintaining DNS and DHCP Server Roles
This lesson is part of a two-day, 300-level course focusing on managing and maintaining Windows Server 2008 server roles and security for server administrators who have a good understanding of DHCP, DNS, and other core networking services.

Securing Windows Server
Get a consolidated view of the feature overviews, step-by-step guides, and configuration tips for the various security and protection technologies in Windows Server 2008 and Windows Server 2008 R2, from authorization and information protection to security management and network security.

BranchCache Security Guide
Get comprehensive guidance on how to manage the security of the Microsoft BranchCache feature introduced in Windows Server 2008 R2 and Windows 7.

Windows Server 2008 and Windows Server 2008 R2 IT Compliance Management
Download the IT Compliance Management Series to access free tools and guidance to help you configure Windows Server 2008 and Windows Server 2008 R2 to address specific IT governance, risk, and compliance (GRC) requirements.

Securing Client Access Servers in Exchange Server 2010
Learn how to manage security and authentication related options available for a computer running Microsoft Exchange Server 2010 that has the Client Access server role installed.

Hardening SQL Server for SharePoint Environments
Get a summary of hardening recommendations, then specific details on how to configure a SQL Server instance to listen on a non-default port, how to configure and test a SQL client alias, and much more.


Enforcing Security Compliance with Group Policy
By Ron Mayo, MCTS, MCSE
Explore best practices for enforcing security compliance on servers using Active Directory and Group Policy that can also be applied to enforcing security compliance on workstations.

Windows Azure Platform Security Essentials for Business Decision Makers
Watch this video for answers to the most common security concerns CxOs and other business decision-makers have regarding the security of their data in the Windows Azure cloud platform. You'll learn about the security controls that Azure has in place to help protect customer applications and data, the security aspects of the Azure infrastructure, and how Microsoft secures its datacenters. You'll also hear a brief description of physical data storage and replication capabilities associated with Windows Azure Storage.

Windows Azure Platform Security Essentials for Technical Decision Makers
Get answers to the most common security concerns CxOs and other technical decision-makers have regarding the security of their data in the Windows Azure cloud platform. Included in the discussion are the security controls that Azure has in place to help protect customer applications and data, an architecture overview of each of the Windows Azure Storage components (blobs, tables, queues and drives), SQL Azure and SQL Azure security (including similarities and differences to the on-premises installation of SQL Server), and details on how Microsoft secures its datacenters.

Critical:
• MS10-090: Cumulative Security Update for Internet Explorer (2416400)
• MS10-091: Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (2296199)

Important:
• MS10-092: Vulnerability in Task Scheduler Could Allow Elevation of Privilege (2305420)
• MS10-093: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (2424434)
• MS10-094: Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961)
• MS10-095: Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2385678)
• MS10-096: Vulnerability in Windows Address Book Could Allow Remote Code Execution (2423089)
• MS10-097: Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution (2443105)
• MS10-098: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2436673)
• MS10-099: Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege (2440591)
• MS10-100: Vulnerability in Consent User Interface Could Allow Elevation of Privilege (2442962)
• MS10-101: Vulnerability in Windows Netlogon Service Could Allow Denial of Service (2207559)
• MS10-102: Vulnerability in Hyper-V Could Allow Denial of Service (2345316)
• MS10-103: Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2292970)
• MS10-104: Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution (2455005)
• MS10-105: Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095)

Moderate:
• MS10-106: Vulnerability in Microsoft Exchange Server Could Allow Denial of Service (2407132)

Security Bulletin Overview for December 2010

If It Quacks Like a Bot, It's Probably Qakbot
This month, the Malicious Software Removal Tool (MSRT) team added the Win32/Qakbot family of backdoors to its detections. Qakbot is composed of several components, including a keylogger, a password stealer and a user-mode rootkit. Learn more about Qakbot in this MSRT team blog post.

SECURITY BLOGS

•  Trustworthy Computing Security/Privacy Blogs RSS
•  Michael Howard RSS
•  Eric Lippert RSS
•  Eric Fitzgerald RSS
•  MSRC Blog RSS
•  ACE Team RSS
•  Windows Security RSS
•  Forefront Team RSS
•  Solution Accelerators - Security & Compliance RSS
•  Security Vulnerability Research & Defense RSS
•  Security Development Lifecycle (SDL) RSS
UPCOMING CHATS

•  View a listing of upcoming technical chats
COMMUNITY SITES

•  IT Pro Security Community
ADDITIONAL SECURITY RESOURCES

•  Security Help and Support for IT Professionals
•  TechNet Troubleshooting and Support Page
•  Microsoft Security Glossary
•  TechNet Security Center
•  MSDN Security Developer Center
•  Sign-Up for the Microsoft Security Notification Service
•  Security Bulletin Search Page
•  Microsoft Security Center
•  Home Users: Protect Your PC
•  MCSE/MCSA: Security Certifications
•  Subscribe to TechNet
•  Register for TechNet Flash IT Newsletter

Find information about your particular products on the Microsoft Product Lifecycle Web site.

Simplified Implementation of the Microsoft SDL
This video helps to illustrate the core concepts of the SDL and discusses the individual security activities that should be performed in order to claim compliance with the SDL process.

Security Talk: Using the Microsoft Security Intelligence Report v9
Get a deep dive into the botnets and associated threats as found in the latest Microsoft Security Intelligence Report v9 (observed in the first half of 2010), then find out how you can get more information than ever from the new Microsoft Security Intelligence Report website.

For Decision Makers
For IT Professionals

Now on Demand
  • TechNet Webcast: SQL Server 2008 R2: Securing Your System (Level 300)
    When SQL Server 2008 R2 is installed on Windows Server 2008 R2, you can use SQL Server 2008 R2 tools to increase security by decreasing the surface area and storing encrypted keys safely. Watch this webcast to learn how Windows Server 2008 R2 features such as Network Access Protection (NAP) and BitLocker can increase security on your servers.
  • TechNet Webcast: Protecting Exchange Server 2010 Using Hybrid Forefront Protection for Exchange (Level 300)
    Attend this webcast to learn how Microsoft Forefront and Microsoft Exchange Server 2010 work better together. Discover how Microsoft Forefront Protection 2010 for Exchange Server (FPE) and Microsoft Forefront Online Protection for Exchange (FOPE) facilitate the protection of Microsoft Exchange Server 2010 from malware, unsolicited e-mail, and other security threats.
  • TechNet Webcast: Forefront Unified Access Gateway and DirectAccess - Better Together (Level 200)
    Attend this webcast to learn about the additional manageability, scalability, and security Microsoft Forefront Unified Access Gateway (UAG) brings to DirectAccess deployments. We provide a short overview of DirectAccess, a new innovative technology available in the Windows 7 and Windows Server 2008 R2 operating systems, and we explain what Network Address Translation64 (NAT64) and Domain Name System64 (DNS64) are used for, why you need two tunnels, and how to set the tunnels up.
Interactive Security Webcast Calendar
Upcoming security webcasts in a dynamic, interactive format.




This is a monthly newsletter for IT professionals and developers—bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.

© 2010 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

This newsletter was sent by the Microsoft Corporation
One Microsoft Way
Redmond, WA, 98052, USA