Microsoft Security Newsletter - December 2012

Welcome to December’s Security Newsletter! A layered defense can provide protection from unauthorized, unmanaged, and unhealthy computers no matter how they connect to the network. When we talk to customers around the world about threat intelligence, we typically emphasize the importance of layered defenses to help protect against malware. Frequently these conversations focus on protecting the operating system, applications and data. But with the recent release of Windows 8, a new layer has been added to the defense mechanisms that build on several important industry standards. Picture your current antimalware approach for a minute. I am sure many of you perform the standard practices of running antimalware tools, keeping your computer up to date, using strong passwords and being smart about the emails you click on, web sites you visit etc. The one challenge to date has been better assurance about whether your computer has booted from a position of trust. There are many pieces of malicious software, such as rootkits, that seek to hide their existence by running before the operating system completely loads. This type of malware can be hard to detect and remove, so the Secure Boot feature of Windows 8 was introduced to help provide an integrity check on the boot files, operating system, drivers and boot policies. If you are interested in learning more about the topic, I encourage you to check out the blog post "Important advancements toward a safer, more trusted internet" we recently published which takes a deeper dive on some of the standards, technology and processes and how they relate to Windows 8. We’ve also compiled a list of the top resources to help you leverage the native security features in Windows 8, and related technologies such as Windows Intune and System Center Endpoint Protection, in this month’s newsletter. Best regards, Tim Rains, Director Microsoft Trustworthy Computing Note: Due to an error with our email publishing system, you may have also received the consumer version of this newsletter earlier this month. We apologize for any inconvenience this may have caused and have taken measures to prevent this from happening in the future. Thank you for subscribing to the Microsoft Security Newsletter for technical professionals! Top Stories Using the Past to Predict the Future: Top 5 Threat Predictions for 2013 Explore Microsoft TwC Director Tim Rains’ thoughts on the top five trends we may see in the coming year based on observations of the current threat landscape. Compliance Series: Software Security and Compliance Introduction Check out the first of a series of posts about the Microsoft Security Development Lifecycle (SDL) and compliance and learn how the SDL can help you support multiple compliance requirements during software development. New Guidance to Mitigate Determined Adversaries’ Favorite Attack: Pass-the-Hash Although targeted attacks continue to make up a small fraction of the attacks we see today, reports of attacks targeting organizations and governments have attracted a lot of attention recently. As a result, Microsoft has published a comprehensive white paper that contains mitigations and guidance called "Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques" to help ensure that customers have the most comprehensive guidance to help them implement these tested mitigations. Security Guidance Security Tip of the Month: Configuring BitLocker for Tablets Learn about a new architectural standard called Connected Standby and learn how, with BitLocker, you can eliminate the need for pre-boot authentication in certain types of devices—enabling you to provide the ideal user experience, reduced costs, and increased security on tablets. What’s New in Windows 8 Security Explore the new and changed functionality in Windows 8 security from BitLocker, AppLocker, and smart cards to security auditing and Windows Firewall with Advanced Security and IPsec. Windows 8 Security Demonstrations Watch short, technical demonstrations of key Windows 8 security features for IT professionals and learn how to better secure your Windows 8 PCs while enabling the mobile productivity users have come to expect. BitLocker in Windows 8 – Learn how, with the BitLocker improvements in Windows 8, you can now protect valuable data on often easy-to-lose USB drives in less time and thereby increase end user acceptance of this form of data protection. Secure Boot – Explore Secure Boot, also referred to as Trusted Boot, a new security feature in Windows 8 that leverages the Unified Extensible Firmware Interface (UEFI) to block the loading and operation of any program or driver that has not been signed by an OS-provided key, and thus protects the integrity of the kernel, system files, boot-critical drivers, and even antimalware software. Windows to Go – Explore this new feature for enterprise users of Windows 8 that enables users to securely boot a full version of Windows from external USB drives on host PCs. Security and Data Protection Considerations for Windows To Go Helping to ensure that the data, content, and resources you are working with in the Windows To Go workspace is protected and secure is one of the most important requirements that you have when planning your Windows To Go deployment. This article provides valuable pre-deployment considerations. Preparing for BitLocker: Planning and Policies When you design your BitLocker deployment strategy, define the appropriate policies and configuration requirements based on the business requirements of your organization. Learn how to collect information that you can use to frame your decision-making process about deploying and managing BitLocker systems. Credential Locker Overview Credential Locker is a service that creates and maintains a secure storage area on the local computer that stores user names and passwords the user saved from websites and Windows 8 apps. Get an overview of this feature, learn how it works, and find resources to help you leverage it in your organization. Microsoft Security Compliance Manager 3.0 Beta Refresh The Microsoft Security Compliance Manager (SCM) 3.0 Beta Refresh is now available for download and includes new security and compliance baselines for Windows Server 2012, Windows 8, and Internet Explorer 10. Not familiar with SCM? Read this short overview and answers to frequently asked questions. Community Update Security MVP Tip: Using System Center Endpoint Protection The successor to Forefront Endpoint Protection, and available through and managed by System Center Configuration Manager 2012, System Center Endpoint Protection is Microsoft’s enterprise antimalware solution. In this article, Security MVP Orin Thomas explores the benefits of deploying System Center Endpoint Protection to better protect Windows 8 and Windows Server 2012 computers. Cloud Security Corner Managing Device Security with Windows Intune Windows Intune is an integrated, cloud-based client management solution that provides tools, reports, and upgrade licenses to the latest version of Windows. Learn how you can use Windows Intune to help secure your computers and mobile devices. This Month's Security Bulletins Microsoft Security Bulletin Summary for December 2012 Critical MS12-077: Cumulative Security Update for Internet Explorer (2761465) MS12-078: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534) MS12-079: Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642) MS12-080: Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126) MS12-081: Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857) Important MS12-082: Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660) MS12-083: Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809) December 2012 Security Bulletin Resources: Microsoft Security Response Center (MSRC) Blog Post Security Bulletin Quick Overview (MP4) – 600k | 400k Security Bulletin Webcast (MP4) – 3000k | 600k | 400k Security Bulletin Webcast Q&A Security Events and Training Windows 8 Jump Start: Recovery and Security Learn how to better control, secure, and manage Windows 8 PCs with BitLocker, UEFI, Secure Boot, and Measured Boot. This course will go over the security features integrated into Windows 8 and then walk you through the process of leveraging complementary technologies such as the Diagnostics and Recovery Toolset (DaRT) and Microsoft BitLocker Administration and Monitoring (MBAM). Microsoft Virtual Academy: Operating and Managing a Secure Windows 8 Environment Find out how to keep your users safe and protect your infrastructure by using advanced Windows 8 technologies like AppLocker, BitLocker, and Windows Firewall. In this course, you will explore the security and privacy options in Windows 8 and learn how to manage a more secure Windows 8 environment. TechNet Webcast: Information About the January 2013 Security Bulletin Release Wednesday, January 9, 2013 Join this webcast for a brief overview of the technical details of January’s Microsoft security bulletins. As the goal is to address your concerns, Microsoft security experts devote most of the webcast to answering the questions that you ask. TechNet Webcast: Information About the February 2013 Security Bulletin Release Wednesday, February 13, 2013 Join this webcast for a brief overview of the technical details of February’s Microsoft security bulletins. As the goal is to address your concerns, Microsoft security experts devote most of the webcast to answering the questions that you ask. – December 2012 – In This Issue Top Stories Security Guidance Community Update Cloud Security Corner This Month′s Security Bulletins Security Events and Training Essential Tools Microsoft Security Bulletins Microsoft Security Compliance Manager Enhanced Mitigation Experience Toolkit Malware Response Guide Microsoft Malicious Software Removal Tool Microsoft Baseline Security Analyzer Microsoft Security Development Lifecycle Starter Kit Troubleshooting and Support Security Troubleshooting and Support Resources Microsoft Support Security Product Solution Centers Microsoft Support Virus & Security Solution Center TechNet Forums Security Blogs Trustworthy Computing Security and Privacy Microsoft Security Microsoft Malware Protection Center Microsoft Security Development Lifecycle Microsoft Security Research and Defense Microsoft Security Response Center Security and Compliance Solution Accelerators Additional Resources TechNet Security Center Microsoft Malware Protection Center Microsoft Security Response Center Microsoft Security Development Lifecycle Security Demonstrations and Tutorials Security Intelligence Report This is a monthly newsletter for IT professionals and developers—bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter. © 2012 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Microsoft respects your privacy. To learn more please read our online Privacy Statement. If you would prefer to no longer receive this newsletter, please click here. To set your contact preferences for other Microsoft communications click here. Microsoft Corporation One Microsoft Way Redmond, WA 98052 USA