MCP Monthly Flash: February 17, 2011

The MCP Flash is a newsletter for Microsoft Certified Professionals. New delivery options are available. Click here to confirm your subscription preferences.   Microsoft Certification Benefit Update Whether you are new to the program or a dedicated Microsoft Certified Professional (MCP) who has been with us for years, learning about the benefits available to you as a part of the Microsoft Certification Program can help ensure that you are fully maximizing their usage. In this article we'll discuss exciting changes coming to some of your benefits. Read the full article » Original Publication Date: 02/17/2011 Program Announcements Get Ready for the Cloud: Training and Certification Offerings from Microsoft Most IT professionals and developers will need to gain new skills to support cloud computing. Microsoft is ready to help with new and updated cloud-related certifications and training. Learn more. Read the full article » Original Publication Date: 02/17/2011 Events Live Meetings for Managers: Register Now Microsoft has developed a special series of webcasts to help managers of IT professionals and developers get the most out of training and certification opportunities and optimize team performance. Virtual Training: How to Ready Your IT Staff Anywhere, Anytime Through Remote Training Wednesday, March 23, 2011, 8:00 A.M. Pacific Time Visit the IT Manager Portal to see a full schedule of Live Meetings for Managers or to view a previous meeting on demand. Read the full article » Original Publication Date: 02/17/2011 The Future of the Web Is at MIX11 Join the 72 Hour Conversation at MIX—see the latest tools and technologies and draw inspiration from a professional community of your peers and experts. Get one free hotel night, while quantities last. Learn more.​ Original Publication Date: 02/17/2011 Certification/Exams Join Other IT Professionals and Developers Playing "Are You Certifiable?" Join hundreds of thousands of IT professionals and developers for a chance to top the leader boards at Are You Certifiable? This quiz show-style game now contains a Windows 7 track. Take a shot at answering a few typical certification exam questions, and compete with friends using the "Share Your Score" feature. Who knows? Maybe you'll learn something new! Original Publication Date: 01/24/2011 Microsoft Press/Books E-Book Deal of the Week: Save 50 Percent on Microsoft Press E-Books Microsoft Press e-books from oreilly.com come with full digital rights. You get free lifetime access, multiple file formats, and free updates. And now, exclusively through this newsletter offer, you can save 50 percent on all Microsoft Press e-books. Use discount code DDMF2 in your shopping cart. To receive the weekly e-book offer alerts, you must be signed up to receive the daily or weekly MCP Flash newsletter. Original Publication Date: 02/17/2011 Training - MOC/Courseware/Exams/Clinics Microsoft Learning Training Is Now Available on YouTube Visit the Microsoft Learning YouTube channel and view Microsoft Learning training on the platform and browser of your choice! Don't forget, you can still get complimentary training through Learning Snacks from the Training Catalog. Read the full article » Original Publication Date: 02/17/2011 Bytes by MSDN and TechNet Watch the latest series of Bytes by MSDN or Bytes by TechNet as influential community members, IT professionals, and Microsoft developers, interviewed at DevConnections and Tech·Ed 2010, discuss user experience, the cloud, mobile, Windows 7, and a variety of additional topics that they are passionate about. Check back weekly for the next installment in the series, or subscribe and take it on the go! Original Publication Date: 01/26/2011 Special Offers Stay Connected with the Microsoft Learning Mailing List Stay current on additional special offers, discounts, and new training and certification products by signing up for the Microsoft Learning mailing list. Read the full article » Original Publication Date: 01/31/2011 Monthly Edition February 2011 In This Issue » Program Announcements » Events » Certification » Press » Training » Special Offers Resources » Born to Learn blog » MCP Web site » Special Offers for MCPs Share Your Feedback » Tell Us What You Think About This Newsletter Learning Portals » Windows 7 » Windows Vista » Windows Server 2008 » Microsoft SQL Server 2008 » Microsoft SQL Server 2005 » Visual Studio 2008 » Visual Studio 2005 » Exchange Server 2010 » Exchange Server 2007 » Microsoft Forefront » 2007 Microsoft Office System » Microsoft Office Communications Server 2007 » Microsoft Virtualization Microsoft respects your privacy.  Please read our online Privacy Statement. If you would prefer to no longer receive this newsletter, please click here to unsubscribe or reply to this message with "UNSUBSCRIBE" in the subject line. To set your contact preferences for other Microsoft communications, see the communications preferences section of the Microsoft Privacy Statement. Microsoft Corporation One Microsoft Way Redmond, WA 98052 USA Wednesday, February 16, 2011 [+/-] Microsoft Security Newsletter – February 2011 NOTE FROM THE EDITOR Welcome to February's Security Newsletter! Have you ever wondered what goes on when Microsoft is investigating reports of a security vulnerability in one of its products? It turns out that investigating a potential vulnerability and updating over a billion systems around the world requires some very sophisticated engineering practices. Recently I sat down with some key people on the engineering teams at Microsoft that perform the vulnerability investigations and develop the security updates, to discuss the processes they use. The result is a four-part video series that provides you with more insight into what happens during these investigations than ever before. The lengths that Microsoft goes to in order to minimize disruptions to customer experiences and businesses might surprise and impress you. RSA Conference 2011 is underway in San Francisco and I was lucky enough to get to attend the conference again this year. Scott Charney, Corporate Vice President of Trustworthy Computing at Microsoft delivered a great keynote, focusing on Collective Defense: Applying Public Health Models to the Internet. Collective defense is a model designed to help manage the threats on an increasingly hostile Internet; to do this we can take some lessons from how public health models have been successful and improve and maintain the health of consumer devices connected to the Internet. Learn more at www.microsoft.com/security/internethealth. February 2011 Edition IN THIS ISSUE •  Top Stories •  Security Guidance •  Community/MVP Update •  Cloud Security Corner •  This Month's Security Bulletins •  Microsoft Product Lifecycle Information •  Security Events and Training •  Upcoming Security Webcasts Best regards, Tim Rains, Group Product Manager, Microsoft Trustworthy Computing Follow the Microsoft Security Response team on Twitter @MSFTSecResponse for the latest information on the threat landscape. Windows Internet Explorer 9 Release Candidate Now Available Download the Internet Explorer 9 Release Candidate (RC) today to test the newest built-in security and privacy features, and Group Policy support, in Microsoft's enterprise-ready browser. Microsoft Security Intelligence Report Video Series Find out how information and telemetry is collected for the Security Intelligence Report (SIR) and who its main contributors are. New interviews include Bala Neerumalla (Senior Security Engineer, SQL Server), Terry Zink (Program Manager - Anti-Spam, Microsoft Forefront Online), Anthony Penta (Program Manager, Windows Live Safety Platform). Microsoft SIR Special Edition: Battling the Zbot Threat Learn how the Zbot threat was detected and removed by Microsoft antimalware products and services. Security Tip of the Month: Web App Security with the Microsoft Simplified SDL Get a brief overview of common threat considerations for Web application development and deployment then find out how you can leverage the Microsoft Simplified Security Development Lifecycle (SDL) to help mitigate those threats while achieving the speed and efficiency of cloud computing. Internet Explorer 9 Security and Internet Explorer Administration Kit 9 Learn how to use Internet Explorer Administration Kit 9 (IEAK 9) to configure or manage some of the security features in Internet Explorer 9 including default security settings, Protected Mode, security zones, and trusted sites. New Group Policy Settings for Internet Explorer 9 RC Explore the new Group Policy settings that you can use to manage and control the configuration of Internet Explorer 9 RC in your environment. Selectively Filtering Content in Web Browsers Different browsers offer many different mechanisms for selectively filtering content. This post from the Internet Explorer blog explores how these mechanisms work and provides some detail on the subtle or not so subtle differences between them. Tracking Protection in Internet Explorer 9 Get a quick overview of Tracking Protection in Internet Explorer 9, and how it lets you filter out content in a page that may have an impact on your privacy. Specify Your Network Servers as Trusted Sites Get quick, simple instructions that you can give users to help them specify your network servers as trusted sites in Internet Explorer 9 RC. Introducing ActiveX Filtering in Internet Explorer 9 ActiveX Filtering allows you to browse the Web without running any ActiveX controls. Learn how to leverage this technology to better control the ActiveX controls running in your browser. To learn how to configure ActiveX controls in Internet Explorer 9, read this TechNet Library article. Windows Identity Foundation The Windows Identity Foundation (WIF) helps simplify user access for developers by externalizing user access from applications via claims and reducing development effort with pre-built security logic and integrated .NET tools. WIF and Azure ACS Survival Guide Find resources that will help you to get up and running with Windows Identity Foundation (WIF) and Windows Azure AppFabric Access Control Service (ACS) v2. Forefront TMG Access Design Guide Get guidance to help you plan for secure access to the web, and to internal corporate resources, after Forefront TMG has been installed. It guides you through the design process, and provides information that will help you make the access design choices that are appropriate for your business goals, and for your environment. Security MVP of the Month: Rodrigo Immaginario Currently the Chief Information Officer at the Universitario Vila Velha in Brazil, Rodrigo Immaginario has worked in the computer science field since 1994, specializing in security solutions for Microsoft environments including those involving IPsec, Hyper-V, and DirectAccess. His certifications include Certified Information Systems Security Professional (CISSP) and Microsoft Certified Systems Engineer (MCSE) in Security. He has been a Microsoft Most Valuable Professional MVP since 2004. New articles by Rodrigo Immaginario: Why You Should Consider Using IPsec Now Learn why you may want to consider using Internet Protocol security (IPsec) for more than just virtual private network (VPN) connections. How to Improve Security on the Edge with Windows Web Server 2008 and IIS Explore how Windows Web Server 2008 and Internet Information Services (IIS) 7.0 deliver a platform for developing and hosting websites, services and more that enables IT professionals to—with some minor configurations—help minimize the risks of maintaining a Web server directly on the Internet. How to Collaborate Securely with Business Partners through SharePoint Online Walk through the process of using SharePoint Online as a secure collaboration tool for use with not only business partners, but also different business units within your own organization. Windows Azure Software Development Kit (SDK) Refresh Released This refresh of the Windows Azure November 2010 SDK (SDK 1.3) resolves an issue that affects applications developed using SDK v1.3. We are encouraging affected customers to install the refresh of the SDK and re-deploy their application(s). Critical: • MS11-003: Cumulative Security Update for Internet Explorer (2482017) • MS11-006: Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185) • MS11-007: Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376) Important: • MS11-004: Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution (2489256) • MS11-005: Vulnerability in Active Directory Could Allow Denial of Service (2478953) • MS11-008: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879) • MS11-009: Vulnerability in JScript and VBScript Scripting Engines Could Allow Information Disclosure (2475792) • MS11-010: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2476687) • MS11-011: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802) • MS11-012: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2479628) • MS11-013: Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930) • MS11-014: Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960) Security Bulletin Overview for February 2011 Microsoft Security Response Center (MSRC) Blog Post Monthly Security Bulletin Webcast Q&A Windows Media Video (WMV) Windows Media Audio (WMA) iPod Video (MP4) MP3 Audio SECURITY PROGRAM GUIDE •  Microsoft SDL - Developer Starter Kit •  Security Awareness Materials •  Learn Security On the Job COMMUNITY WEBSITES •  IT Pro Security Community SECURITY BLOGS •  Trustworthy Computing Security/Privacy Blogs  •  Michael Howard  •  Eric Lippert  •  Eric Fitzgerald  •  MSRC Blog  •  ACE Team  •  Windows Security  •  Forefront Team  •  Solution Accelerators - Security & Compliance  •  Security Vulnerability Research & Defense  •  Security Development Lifecycle (SDL)  UPCOMING CHATS •  View a listing of upcoming technical chats COMMUNITY SITES •  IT Pro Security Community ADDITIONAL SECURITY RESOURCES •  Security Help and Support for IT Professionals •  TechNet Troubleshooting and Support Page •  Microsoft Security Glossary •  TechNet Security Center •  MSDN Security Developer Center •  Sign-Up for the Microsoft Security Notification Service •  Security Bulletin Search Page •  Microsoft Security Center •  Home Users: Protect Your PC •  MCSE/MCSA: Security Certifications •  Subscribe to TechNet •  Register for TechNet Flash IT Newsletter Internet Explorer 9 Delivery through Automatic Updates Read an overview of the delivery process and options available for IT administrators to control how and when Internet Explorer 9 is deployed to their organization through Automatic Updates. Internet Explorer 9 Blocker Toolkit Download The Internet Explorer 9 Blocker Toolkit enables IT administrators to disable the automatic delivery of Internet Explorer 9 as an important class update via Automatic Updates and the Windows Update and Microsoft Update sites. Internet Explorer 9 Blocker Toolkit: Frequently Asked Questions Get answers to commonly asked questions about the Internet Explorer 9 Blocker Toolkit. Find information about your particular products on the Microsoft Product Lifecycle Web site. See a List of Supported Service Packs: Microsoft provides free software updates for security and non-security issues for all supported service packs. Tech•Ed North America 2011: Security, Identity, Access & More Join us in Atlanta for Tech•Ed North America 2011, where you can take advantage of over 915 learning opportunities. Check out the Security, Identity and Access track, which provides guidance and technical detail on Microsoft Forefront products, identity-based access technologies, Windows security technologies, and more. Register by February 28, 2011 to save $200. Security Compliance Manager (SCM) Demo: Using SCM to Simplify Security and Compliance for Your Windows 7 Environment Learn how you can use the Microsoft Security Compliance Manager to strengthen your Windows 7 environment with security settings customized for your organization. The video will walk you through the process of preparing a customized Windows 7 security baseline for deployment, highlighting how the Security Compliance Manager can help your organization simplify the security and compliance process for the most widely used Microsoft technologies. Programming Windows Identity Foundation Get practical, hands-on guidance to help you put Windows Identity Foundation—the claims-based programming model in Microsoft .NET—to work in your Web applications and services. Course 6292A: Installing and Configuring Windows 7 Client This three-day instructor-led course is intended for IT professionals who are interested in expanding their knowledge base and technical skills about Windows 7 Client. In this course, students learn how to install, upgrade, and migrate to Windows 7 client. Students then configure Windows 7 client for network connectivity, security, maintenance, and mobile computing. This course helps students prepare for the Exam 70-680, TS: Windows 7, Configuring. Course 50357A: Implementing Forefront Threat Management Gateway 2010 This two-day instructor-led course provides students with the knowledge and skills to envision, design, and deploy web access, remote access and mail protection solutions using Microsoft Forefront Threat Management Gateway 2010 (TMG), enabling them to identify the requirements and make the appropriate design decisions that will come up during the deployment process, and providing hands-on experience with the products. Forefront Threat Management Gateway Administrator's Companion Get your Web security, network perimeter security, and application layer security gateway up and running smoothly with this comprehensive, one-volume guide to planning, deployment, and administration for Forefront TMG. For IT Professionals TechNet Webcast: Updated Findings of Microsoft Security Intelligence Report Volume 9 (Level 200) Monday, February 28, 2011 11:00 AM Pacific Time TechNet Webcast: Security Compliance Manager Can Simplify Security Baseline Management (Level 200) Thursday, March 03, 2011 10:00 AM Pacific Time Talk TechNet with Keith Combs and Matt Hester - Yuri Diogenes on Forefront Threat Management Gateway (Level 200) Wednesday, March 09, 2011 9:00 AM Pacific Time TechNet Webcast: Information About Microsoft March Security Bulletins (Level 200) Wednesday, March 09, 2011 11:00 AM Pacific Time Talk TechNet with Keith Combs and Matt Hester - Dr. Tom Shinder on DirectAccess (Level 200) Friday, March 11, 2011 9:00 AM Pacific Time For Developers MSDN Webcast: Microsoft ASP.NET Authentication in Microsoft Silverlight Applications (Level 300) Thursday, February 24, 2011 1:00 PM Pacific Time MSDN Webcast: Security Talk: Threat Model Express (Level 200) Thursday, March 03, 2011 1:00 PM Pacific Time For Decision Makers Business Insights Webcast: Forefront Identity Manager: Making it Easy for Administrators (Level 100) Thursday, February 17, 2011 10:00 AM Pacific Time Business Insights Webcast: Best Practices for User Account Lifecycle Management (Level 100) Thursday, February 17, 2011 11:00 AM Pacific Time Business Insights Webcast: Windows Intune: PC Management with Cloud Services and Windows 7 (Level 100) Tuesday, February 22, 2011 11:00 AM Pacific Time Business Insights Webcast: Does Your Identity Management Enhance Your Company's Security? (Level 100) Tuesday, February 22, 2011 11:00 AM Pacific Time Business Insights Webcast: Cloud Readiness with Identity Management (Level 100) Wednesday, February 23, 2011 10:00 AM Pacific Time Business Insights Webcast: Deploying a Secure and Productive Windows 7 (Level 200) Thursday, February 24, 2011 9:00 AM Pacific Time Business Insights Webcast: Secure Management and Access for Windows 7 Featuring DirectAccess (Level 100) Thursday, February 24, 2011 10:00 AM Pacific Time Business Insights Webcast: The Cloud's Silver Lining: Identity Management (Level 100) Wednesday, March 09, 2011 10:00 AM Pacific Time Now on Demand MSDN Webcast: Security Talk: Using Standards-Based Internet Explorer Features to Protect Apps (Level 200) Find out what you need to know to make sure that you are building secure applications that don't expose security vulnerabilities, and learn how to use standards-based Windows Internet Explorer features to protect the applications you develop. TechNet Webcast: Architecting a Rollout of IPV6 for Improved Security and Computer Management (Level 300) Attend this webcast to learn how Microsoft IT has implemented IPv6 along with IPv4. Understand the challenges Microsoft IT faced, the success they had, and the lessons learned. If your company is thinking about deploying the Windows Server 2008 R2 or the Windows 7 operating system, this is a great foundational webcast that can help you with those deployments. Interactive Security Webcast Calendar Upcoming security webcasts in a dynamic, interactive format. This is a monthly newsletter for IT professionals and developers—bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter. © 2011 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. To cancel your subscription to this newsletter, reply to this message with the word UNSUBSCRIBE in the Subject line. You can also unsubscribe at http://www.microsoft.com/info/unsubscribe.htm. You can manage all your Microsoft.com communication preferences at this site. Legal Information. This newsletter was sent by the Microsoft Corporation One Microsoft Way Redmond, WA, 98052, USA Sign up for this newsletter | Unsubscribe | Update your profile © 2011 Microsoft Corporation Terms of Use | Trademarks | Privacy Statement   Subscribe to: Posts (Atom)