Microsoft Security Newsletter – March 2011

	NOTE FROM THE EDITOR March's Security Newsletter is here and this month we are focusing on the tools that can help you better secure and manage your servers, desktops, users and more! I talk to customers from all over the world about computer security. One of the common things I hear is that it's difficult to articulate the return on investment (ROI) of the secure development efforts undertaken by their IT departments and development organizations. To help chief security officers, IT professionals, and developers better communicate the value of secure development, we commissioned Forrester Consulting to conduct a survey study. The study, entitled "State of Application Security: Immature Practices Fuel Inefficiencies, but Positive ROI Is Attainable," provides insight on the current state of application security development practices and identifies key trends and market directions for application security. We hope this can be a helpful tool in your future ROI conversations. We also have some new threat intelligence for you this month. Many of the customers I have talked to, particularly in the finance industry, have been very concerned about a threat called Zbot (a.k.a. Zeus). Win32/Zbot can be used for a variety of illicit purposes including sending spam email messages, executing distributed denial-of-service (DDoS) attacks, and distributing malware. However, its primary purpose, and the one for which it was specifically developed, is to steal financial information from infected computers. The Microsoft Malware Protection Center (MMPC) has released a special edition of the Microsoft Security Intelligence Report (SIR) called Battling the Zbot Threat to bring you up to speed on this threat and the work that the MMPC has been doing to fight it. Best regards, March 2011 Edition IN THIS ISSUE •  Top Stories •  Security Guidance •  Community/MVP Update •  Cloud Security Corner •  This Month's Security Bulletins •  Microsoft Product Lifecycle Information •  Security Events and Training •  Upcoming Security Webcasts SECURITY PROGRAM GUIDE

Tim Rains, Group Product Manager, Microsoft Trustworthy Computing Follow the Microsoft Security Response team on Twitter @MSFTSecResponse for the latest information on the threat landscape. Windows Internet Explorer 9 Released to Web Internet Explorer 9 includes several new features that can help protect computers from viruses as well a new feature called Tracking Protection that lets you limit the way that websites track activity as you browse the web. Download Internet Explorer 9 today then get guidance to help you pilot and deploy this enterprise-ready browser in your organization with the Springboard Series for Internet Explorer 9. Operation b107 - Rustock Botnet Takedown Using the knowledge gained during its takedown of the botnet Waledac just over a year ago, the Microsoft Digital Crimes Unit (DCU) has successfully taken down a larger, more notorious and complex botnet known as Rustock, which had an estimated infection count above one million computers and was capable of sending billions of spam messages per day. Learn more on The Official Microsoft Blog. Earthquake in Japan: How to Help While Avoiding Donation Fraud When we hear about a disaster like the earthquake in Japan, many of us try to think of ways we can help. Read this Security Tips & Talk blog post for valuable tips you can pass on to your end users to help them avoid online donation scams. Security Tip of the Month: Improving Security Using Attack Surface Analyzer Learn how to use Attack Surface Analyzer, a free tool from Microsoft, to better understand the aggregate attack surface change that may result from the introduction of line-of-business (LOB) applications to the Windows platform. Microsoft Security Compliance Manager The Microsoft Security Compliance Manager (SCM) will help you plan, deploy, operate, and manage your security baselines for the most widely used Microsoft technologies. Learn more about this free tool—which includes security baselines for Windows Server 2008 R2, Microsoft Office 2010, Windows 7, and Internet Explorer8—then check out tips for getting started and answers to frequently asked questions. Infrastructure Planning and Design Guide for Malware Response Looking to limit the risk of malware infection? This new guide can help your organization determine the best and most cost-effective response strategy for malware outbreaks. Learn how your quick decisions can return systems to operation while limiting your exposure then download the guide. Malicious Software Removal Tool Need to check your computers for malware infection? Download the Microsoft Windows Malicious Software Removal Tool. Updated monthly and available in x86 and x64 versions, the tool checks Windows Vista, Windows 7, Windows XP, Windows 2000, and Windows Server 2003 computers for, and helps remove, infections by specific, prevalent malicious software-including Blaster, Sasser, and Mydoom. When the detection and removal process is complete, the tool displays a report describing the outcome including which, if any, malicious software was detected and removed. Getting Started with the SDL Threat Modeling Tool Find tips to help you get started with the Microsoft Security Development Lifecycle (SDL) threat modeling approach and learn how to use the tool to develop great threat models as a backbone of your security process. Available as a free download, the SDL Threat Modeling Tool helps engineers analyze the security of their systems to find and address design issues early in the software lifecycle. Microsoft Baseline Security Analyzer: Frequently Asked Questions Get answers to frequently asked questions about Microsoft Baseline Security Analyzer (MBSA) 2.2 including system requirements, configuration, scanning, and reporting. MBSA 2.2 provides a streamlined method for IT pros to identify missing security updates and common security misconfigurations. Detecting Security Bulletins with the Extended Security Update Inventory Tool The Extended Security Update Inventory Tool is designed to help IT pros identify Microsoft Systems Management Server (SMS) client computers that may need security updates that are not detectable using the existing SMS Security Update Inventory Tool built on MBSA. Virtual Machine Servicing Tool 3.0 Learn how to reduce IT costs by using Virtual Machine Servicing Tool (VMST) 3.0 to more easily update your offline virtual machines, templates, and virtual hard disks with the latest operating system and application patches—without introducing vulnerabilities into your IT infrastructure. New Forum: Security for the Windows Azure Platform Discuss Windows Azure platform security best practices, including data security for Windows Azure Storage and SQL Azure as well as authentication and authorization methods. Using the Private Cloud Today Explore the key roles Windows Server 2008 R2, Hyper-V and System Center can play for IT pros who want to tap the savings and flexibility of the private cloud now using tools they know and trust. The private cloud—a virtualized datacenter running on resources you control on-premises or in a provider's dedicated systems—makes the most of the hardware and software you've already invested in, and sets the stage for introducing more flexible and scalable services in the future. Learn more in this video interview with Brad Anderson, Corporate Vice President, Microsoft Management & Security Division. Security Bulletins to Get a New Location In June 2011, the Microsoft Security Bulletins and Advisories will be moving to their new home on the Security TechCenter on TechNet. We are making the move to provide a better integrated experience with the wealth of technical content on the TechNet site and to take advantage of new user experience capabilities available on the TechNet platform. Look for more details in the April edition of this newsletter. Critical: • MS11-015: Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030) Important: • MS11-017: Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062) • MS11-016: Vulnerability in Microsoft Groove Could Allow Remote Code Execution (2494047) Security Bulletin Overview for March 2011 Microsoft Security Response Center (MSRC) Blog Post Monthly Security Bulletin Webcast Q&A Windows Media Video (WMV) Windows Media Audio (WMA) iPod Video (MP4) MP3 Audio •  Microsoft SDL - Developer Starter Kit •  Security Awareness Materials •  Learn Security On the Job COMMUNITY WEBSITES •  IT Pro Security Community SECURITY BLOGS •  Trustworthy Computing Security/Privacy Blogs  •  Michael Howard  •  Eric Lippert  •  Eric Fitzgerald  •  MSRC Blog  •  ACE Team  •  Windows Security  •  Forefront Team  •  Solution Accelerators - Security & Compliance  •  Security Vulnerability Research & Defense  •  Security Development Lifecycle (SDL)  UPCOMING CHATS •  View a listing of upcoming technical chats COMMUNITY SITES •  IT Pro Security Community ADDITIONAL SECURITY RESOURCES •  Security Help and Support for IT Professionals •  TechNet Troubleshooting and Support Page •  Microsoft Security Glossary •  TechNet Security Center •  MSDN Security Developer Center •  Sign-Up for the Microsoft Security Notification Service •  Security Bulletin Search Page •  Microsoft Security Center •  Home Users: Protect Your PC •  MCSE/MCSA: Security Certifications •  Subscribe to TechNet •  Register for TechNet Flash IT Newsletter

Reminder: Windows Vista Service Pack 1 End of Support Windows Vista Service Pack 1 will reach the end of support on July 12, 2011. From that date onward, Microsoft will no longer provide support or free security updates for Windows Vista SP1. In order to stay secure and continue support, you must upgrade to Service Pack 2 (SP2). Find information about your particular products on the Microsoft Product Lifecycle Web site. See a List of Supported Service Packs: Microsoft provides free software updates for security and non-security issues for all supported service packs. Tech•Ed North America 2011: Security, Identity, Access & More May 16–19, 2011 - Atlanta, GA Join us in Atlanta for Tech•Ed North America 2011, where you can take advantage of over 915 learning opportunities. Check out the Security, Identity and Access track, which provides guidance and technical detail on Microsoft Forefront products, identity-based access technologies, Windows security technologies, and more. Register by February 28, 2011 to save $200. Windows Intune Technology Tune-up Thursday, March 31, 2011 9:00 AM Pacific Time Join Microsoft Technical Fellow and host Mark Russinovich for the Windows Intune Technology Tune-up. Mark will be joined by a panel of IT pros and subject matter experts discussing best practices in PC management, the challenges of protecting and supporting remote users, and their experiences with Windows Intune. This event is designed to jumpstart your trial of Windows Intune and includes product demonstrations, how-to tips and tricks, and an opportunity to ask the panel your questions about cloud-based PC management. Click here to save the date. Using Microsoft Security Compliance Manager to Simplify Security and Compliance for Your Windows 7 Environment Learn how you can use Security Compliance Manager to strengthen your Windows 7 environment, with security settings customized for your organization. For IT Professionals Talk TechNet with Keith Combs and Matt Hester - Darren Mar-Elia on Group Policy (Level 200) Wednesday, March 30, 2011 9:00 AM Pacific Time TechNet Webcast: Forefront Protection for Office: Overview (Level 200) Wednesday, March 30, 2011 1:00 PM Pacific Time Technical Talks with Tim Vander Kooi: Windows 7, Under Your Control (Level 200) Thursday, April 07, 2011 11:00 AM Pacific Time TechNet Webcast: Information About Microsoft April Security Bulletins (Level 200) Wednesday, April 13, 2011 11:00 AM Pacific Time TechNet Webcast: Forefront Online Protection for Exchange Encryption Overview (Level 300) Thursday, April 14, 2011 10:00 AM Pacific Time Talk TechNet with Keith Combs and Matt Hester - Elias Mereb on Windows Client Security and Reliability (Level 100) Friday, April 15, 2011 9:00 AM Pacific Time For Developers MSDN Webcast: Security Talk: Using the Attack Surface Analyzer (Level 200) Thursday, April 07, 2011 1:00 PM Pacific Time For Decision Makers Business Insights Webcast: Deploying a Secure and Productive Windows 7 (Level 200) Thursday, March 31, 2011 9:00 AM Pacific Time Microsoft Technology Roadmap Live Simulcast Thursday, April 07, 2011 5:30 AM Pacific Time Business Insights Webcast: Consumerization: How Consumer Devices Are Changing the Way IT Works (Level 100) Tuesday, April 12, 2011 11:00 AM Pacific Time Now on Demand MSDN Webcast: Security Talk: Threat Model Express (Level 200) Learn how to create a threat model for web applications using an organization's most valuable resource: its people. Interactive Security Webcast Calendar Upcoming security webcasts in a dynamic, interactive format.

This is a monthly newsletter for IT professionals and developers—bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter. © 2011 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. To cancel your subscription to this newsletter, reply to this message with the word UNSUBSCRIBE in the Subject line. You can also unsubscribe at http://www.microsoft.com/info/unsubscribe.htm. You can manage all your Microsoft.com communication preferences at this site. Legal Information. This newsletter was sent by the Microsoft Corporation One Microsoft Way Redmond, WA, 98052, USA

Sign up for this newsletter | Unsubscribe | Update your profile © 2011 Microsoft Corporation Terms of Use | Trademarks | Privacy Statement