Microsoft Security Newsletter – February 2011

	NOTE FROM THE EDITOR Welcome to February's Security Newsletter! Have you ever wondered what goes on when Microsoft is investigating reports of a security vulnerability in one of its products? It turns out that investigating a potential vulnerability and updating over a billion systems around the world requires some very sophisticated engineering practices. Recently I sat down with some key people on the engineering teams at Microsoft that perform the vulnerability investigations and develop the security updates, to discuss the processes they use. The result is a four-part video series that provides you with more insight into what happens during these investigations than ever before. The lengths that Microsoft goes to in order to minimize disruptions to customer experiences and businesses might surprise and impress you. RSA Conference 2011 is underway in San Francisco and I was lucky enough to get to attend the conference again this year. Scott Charney, Corporate Vice President of Trustworthy Computing at Microsoft delivered a great keynote, focusing on Collective Defense: Applying Public Health Models to the Internet. Collective defense is a model designed to help manage the threats on an increasingly hostile Internet; to do this we can take some lessons from how public health models have been successful and improve and maintain the health of consumer devices connected to the Internet. Learn more at www.microsoft.com/security/internethealth. February 2011 Edition IN THIS ISSUE •  Top Stories •  Security Guidance •  Community/MVP Update •  Cloud Security Corner •  This Month's Security Bulletins •  Microsoft Product Lifecycle Information •  Security Events and Training •  Upcoming Security Webcasts

Best regards, Tim Rains, Group Product Manager, Microsoft Trustworthy Computing Follow the Microsoft Security Response team on Twitter @MSFTSecResponse for the latest information on the threat landscape. Windows Internet Explorer 9 Release Candidate Now Available Download the Internet Explorer 9 Release Candidate (RC) today to test the newest built-in security and privacy features, and Group Policy support, in Microsoft's enterprise-ready browser. Microsoft Security Intelligence Report Video Series Find out how information and telemetry is collected for the Security Intelligence Report (SIR) and who its main contributors are. New interviews include Bala Neerumalla (Senior Security Engineer, SQL Server), Terry Zink (Program Manager - Anti-Spam, Microsoft Forefront Online), Anthony Penta (Program Manager, Windows Live Safety Platform). Microsoft SIR Special Edition: Battling the Zbot Threat Learn how the Zbot threat was detected and removed by Microsoft antimalware products and services. Security Tip of the Month: Web App Security with the Microsoft Simplified SDL Get a brief overview of common threat considerations for Web application development and deployment then find out how you can leverage the Microsoft Simplified Security Development Lifecycle (SDL) to help mitigate those threats while achieving the speed and efficiency of cloud computing. Internet Explorer 9 Security and Internet Explorer Administration Kit 9 Learn how to use Internet Explorer Administration Kit 9 (IEAK 9) to configure or manage some of the security features in Internet Explorer 9 including default security settings, Protected Mode, security zones, and trusted sites. New Group Policy Settings for Internet Explorer 9 RC Explore the new Group Policy settings that you can use to manage and control the configuration of Internet Explorer 9 RC in your environment. Selectively Filtering Content in Web Browsers Different browsers offer many different mechanisms for selectively filtering content. This post from the Internet Explorer blog explores how these mechanisms work and provides some detail on the subtle or not so subtle differences between them. Tracking Protection in Internet Explorer 9 Get a quick overview of Tracking Protection in Internet Explorer 9, and how it lets you filter out content in a page that may have an impact on your privacy. Specify Your Network Servers as Trusted Sites Get quick, simple instructions that you can give users to help them specify your network servers as trusted sites in Internet Explorer 9 RC. Introducing ActiveX Filtering in Internet Explorer 9 ActiveX Filtering allows you to browse the Web without running any ActiveX controls. Learn how to leverage this technology to better control the ActiveX controls running in your browser. To learn how to configure ActiveX controls in Internet Explorer 9, read this TechNet Library article. Windows Identity Foundation The Windows Identity Foundation (WIF) helps simplify user access for developers by externalizing user access from applications via claims and reducing development effort with pre-built security logic and integrated .NET tools. WIF and Azure ACS Survival Guide Find resources that will help you to get up and running with Windows Identity Foundation (WIF) and Windows Azure AppFabric Access Control Service (ACS) v2. Forefront TMG Access Design Guide Get guidance to help you plan for secure access to the web, and to internal corporate resources, after Forefront TMG has been installed. It guides you through the design process, and provides information that will help you make the access design choices that are appropriate for your business goals, and for your environment. Security MVP of the Month: Rodrigo Immaginario Currently the Chief Information Officer at the Universitario Vila Velha in Brazil, Rodrigo Immaginario has worked in the computer science field since 1994, specializing in security solutions for Microsoft environments including those involving IPsec, Hyper-V, and DirectAccess. His certifications include Certified Information Systems Security Professional (CISSP) and Microsoft Certified Systems Engineer (MCSE) in Security. He has been a Microsoft Most Valuable Professional MVP since 2004. New articles by Rodrigo Immaginario: Why You Should Consider Using IPsec Now Learn why you may want to consider using Internet Protocol security (IPsec) for more than just virtual private network (VPN) connections. How to Improve Security on the Edge with Windows Web Server 2008 and IIS Explore how Windows Web Server 2008 and Internet Information Services (IIS) 7.0 deliver a platform for developing and hosting websites, services and more that enables IT professionals to—with some minor configurations—help minimize the risks of maintaining a Web server directly on the Internet. How to Collaborate Securely with Business Partners through SharePoint Online Walk through the process of using SharePoint Online as a secure collaboration tool for use with not only business partners, but also different business units within your own organization. Windows Azure Software Development Kit (SDK) Refresh Released This refresh of the Windows Azure November 2010 SDK (SDK 1.3) resolves an issue that affects applications developed using SDK v1.3. We are encouraging affected customers to install the refresh of the SDK and re-deploy their application(s). Critical: • MS11-003: Cumulative Security Update for Internet Explorer (2482017) • MS11-006: Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185) • MS11-007: Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376) Important: • MS11-004: Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution (2489256) • MS11-005: Vulnerability in Active Directory Could Allow Denial of Service (2478953) • MS11-008: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879) • MS11-009: Vulnerability in JScript and VBScript Scripting Engines Could Allow Information Disclosure (2475792) • MS11-010: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2476687) • MS11-011: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802) • MS11-012: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2479628) • MS11-013: Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930) • MS11-014: Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960) Security Bulletin Overview for February 2011 Microsoft Security Response Center (MSRC) Blog Post Monthly Security Bulletin Webcast Q&A Windows Media Video (WMV) Windows Media Audio (WMA) iPod Video (MP4) MP3 Audio SECURITY PROGRAM GUIDE •  Microsoft SDL - Developer Starter Kit •  Security Awareness Materials •  Learn Security On the Job COMMUNITY WEBSITES •  IT Pro Security Community SECURITY BLOGS •  Trustworthy Computing Security/Privacy Blogs  •  Michael Howard  •  Eric Lippert  •  Eric Fitzgerald  •  MSRC Blog  •  ACE Team  •  Windows Security  •  Forefront Team  •  Solution Accelerators - Security & Compliance  •  Security Vulnerability Research & Defense  •  Security Development Lifecycle (SDL)  UPCOMING CHATS •  View a listing of upcoming technical chats COMMUNITY SITES •  IT Pro Security Community ADDITIONAL SECURITY RESOURCES •  Security Help and Support for IT Professionals •  TechNet Troubleshooting and Support Page •  Microsoft Security Glossary •  TechNet Security Center •  MSDN Security Developer Center •  Sign-Up for the Microsoft Security Notification Service •  Security Bulletin Search Page •  Microsoft Security Center •  Home Users: Protect Your PC •  MCSE/MCSA: Security Certifications •  Subscribe to TechNet •  Register for TechNet Flash IT Newsletter

Internet Explorer 9 Delivery through Automatic Updates Read an overview of the delivery process and options available for IT administrators to control how and when Internet Explorer 9 is deployed to their organization through Automatic Updates. Internet Explorer 9 Blocker Toolkit Download The Internet Explorer 9 Blocker Toolkit enables IT administrators to disable the automatic delivery of Internet Explorer 9 as an important class update via Automatic Updates and the Windows Update and Microsoft Update sites. Internet Explorer 9 Blocker Toolkit: Frequently Asked Questions Get answers to commonly asked questions about the Internet Explorer 9 Blocker Toolkit. Find information about your particular products on the Microsoft Product Lifecycle Web site. See a List of Supported Service Packs: Microsoft provides free software updates for security and non-security issues for all supported service packs. Tech•Ed North America 2011: Security, Identity, Access & More Join us in Atlanta for Tech•Ed North America 2011, where you can take advantage of over 915 learning opportunities. Check out the Security, Identity and Access track, which provides guidance and technical detail on Microsoft Forefront products, identity-based access technologies, Windows security technologies, and more. Register by February 28, 2011 to save $200. Security Compliance Manager (SCM) Demo: Using SCM to Simplify Security and Compliance for Your Windows 7 Environment Learn how you can use the Microsoft Security Compliance Manager to strengthen your Windows 7 environment with security settings customized for your organization. The video will walk you through the process of preparing a customized Windows 7 security baseline for deployment, highlighting how the Security Compliance Manager can help your organization simplify the security and compliance process for the most widely used Microsoft technologies. Programming Windows Identity Foundation Get practical, hands-on guidance to help you put Windows Identity Foundation—the claims-based programming model in Microsoft .NET—to work in your Web applications and services. Course 6292A: Installing and Configuring Windows 7 Client This three-day instructor-led course is intended for IT professionals who are interested in expanding their knowledge base and technical skills about Windows 7 Client. In this course, students learn how to install, upgrade, and migrate to Windows 7 client. Students then configure Windows 7 client for network connectivity, security, maintenance, and mobile computing. This course helps students prepare for the Exam 70-680, TS: Windows 7, Configuring. Course 50357A: Implementing Forefront Threat Management Gateway 2010 This two-day instructor-led course provides students with the knowledge and skills to envision, design, and deploy web access, remote access and mail protection solutions using Microsoft Forefront Threat Management Gateway 2010 (TMG), enabling them to identify the requirements and make the appropriate design decisions that will come up during the deployment process, and providing hands-on experience with the products. Forefront Threat Management Gateway Administrator's Companion Get your Web security, network perimeter security, and application layer security gateway up and running smoothly with this comprehensive, one-volume guide to planning, deployment, and administration for Forefront TMG. For IT Professionals TechNet Webcast: Updated Findings of Microsoft Security Intelligence Report Volume 9 (Level 200) Monday, February 28, 2011 11:00 AM Pacific Time TechNet Webcast: Security Compliance Manager Can Simplify Security Baseline Management (Level 200) Thursday, March 03, 2011 10:00 AM Pacific Time Talk TechNet with Keith Combs and Matt Hester - Yuri Diogenes on Forefront Threat Management Gateway (Level 200) Wednesday, March 09, 2011 9:00 AM Pacific Time TechNet Webcast: Information About Microsoft March Security Bulletins (Level 200) Wednesday, March 09, 2011 11:00 AM Pacific Time Talk TechNet with Keith Combs and Matt Hester - Dr. Tom Shinder on DirectAccess (Level 200) Friday, March 11, 2011 9:00 AM Pacific Time For Developers MSDN Webcast: Microsoft ASP.NET Authentication in Microsoft Silverlight Applications (Level 300) Thursday, February 24, 2011 1:00 PM Pacific Time MSDN Webcast: Security Talk: Threat Model Express (Level 200) Thursday, March 03, 2011 1:00 PM Pacific Time For Decision Makers Business Insights Webcast: Forefront Identity Manager: Making it Easy for Administrators (Level 100) Thursday, February 17, 2011 10:00 AM Pacific Time Business Insights Webcast: Best Practices for User Account Lifecycle Management (Level 100) Thursday, February 17, 2011 11:00 AM Pacific Time Business Insights Webcast: Windows Intune: PC Management with Cloud Services and Windows 7 (Level 100) Tuesday, February 22, 2011 11:00 AM Pacific Time Business Insights Webcast: Does Your Identity Management Enhance Your Company's Security? (Level 100) Tuesday, February 22, 2011 11:00 AM Pacific Time Business Insights Webcast: Cloud Readiness with Identity Management (Level 100) Wednesday, February 23, 2011 10:00 AM Pacific Time Business Insights Webcast: Deploying a Secure and Productive Windows 7 (Level 200) Thursday, February 24, 2011 9:00 AM Pacific Time Business Insights Webcast: Secure Management and Access for Windows 7 Featuring DirectAccess (Level 100) Thursday, February 24, 2011 10:00 AM Pacific Time Business Insights Webcast: The Cloud's Silver Lining: Identity Management (Level 100) Wednesday, March 09, 2011 10:00 AM Pacific Time Now on Demand MSDN Webcast: Security Talk: Using Standards-Based Internet Explorer Features to Protect Apps (Level 200) Find out what you need to know to make sure that you are building secure applications that don't expose security vulnerabilities, and learn how to use standards-based Windows Internet Explorer features to protect the applications you develop. TechNet Webcast: Architecting a Rollout of IPV6 for Improved Security and Computer Management (Level 300) Attend this webcast to learn how Microsoft IT has implemented IPv6 along with IPv4. Understand the challenges Microsoft IT faced, the success they had, and the lessons learned. If your company is thinking about deploying the Windows Server 2008 R2 or the Windows 7 operating system, this is a great foundational webcast that can help you with those deployments. Interactive Security Webcast Calendar Upcoming security webcasts in a dynamic, interactive format.

This is a monthly newsletter for IT professionals and developers—bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter. © 2011 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. To cancel your subscription to this newsletter, reply to this message with the word UNSUBSCRIBE in the Subject line. You can also unsubscribe at http://www.microsoft.com/info/unsubscribe.htm. You can manage all your Microsoft.com communication preferences at this site. Legal Information. This newsletter was sent by the Microsoft Corporation One Microsoft Way Redmond, WA, 98052, USA

Sign up for this newsletter | Unsubscribe | Update your profile © 2011 Microsoft Corporation Terms of Use | Trademarks | Privacy Statement