Wednesday, May 22, 2013

Microsoft Security Newsletter - May 2013



Trustworthy Computing | May 2013
Microsoft Security Newsletter
Welcome to May’s Security Newsletter!
This month’s newsletter focuses on compliance. Part of being compliant is making sure you are staying ahead of the game in understanding threats and countermeasures. A few weeks ago we released our Microsoft Security Intelligence Report Volume 14 (SIRv14). One of the most interesting things to surface from the report is the change in threats detected in enterprise environments. Over the last several years, network worms have been the top threat detected in enterprise environments. Customers have managed these with mitigations like configuration and policy changes, passwords and network share access control. While still a threat to organizations, our latest threat intelligence report shows worms are being superseded by malware and exploits delivered through malicious and compromised websites.


The proportion of Conficker and Autorun threats reported by enterprise computers decreased by 37% from 2011 to the second half of 2012. By the end of 2012, web-based attacks became the top threats affecting enterprises today. In the second half of 2012, 7 out of the top 10 threats affecting enterprises were associated with malicious or compromised websites. These threats included IframeRef, Blacole, BlacoleRef, Zbot, Sirefef, Dorkbot and Pdfjsc. Learn more about the web-based attacks and what can be done to help protect against them in our latest Microsoft Security Intelligence Report.

Tim Rains Best regards,
Tim Rains, Director
Microsoft Trustworthy Computing
Top Stories
The Countdown Begins: Support for Windows XP Ends on April 8, 2014
We are now less than one year away from the end of extended support for Windows XP Service Pack 3 (SP3). If your infrastructure still includes machines running Windows XP, learn about the security implications of end of support and the importance of migrating to a modern operating system with increased protection.

The Time is Now: Security Development Must be a Priority for Everyone
While the Internet has created many new opportunities and ways to do business, it has also spawned a digital underground for online crime. Security breaches that have financial consequences or lead to intellectual property loss, website defacement or espionage have become a reality in today’s computing landscape. Despite this, the evidence suggests that the vast majority of organizations still have not adopted security development as a fundamental professional discipline. Learn more about this troubling trend, and resources that can help you integrate security into your development practices.
Security Guidance
Microsoft Security Compliance Manager: Overview
Microsoft Security Compliance Manager (SCM) is a free tool that enables you to quickly configure and manage your desktops, traditional datacenter, and private cloud using Group Policy and System Center Configuration Manager. Read this overview for a list of key features and setup requirements, then consult the Getting Started guide, FAQ, and release notes for more detailed information and installation steps.

Microsoft Security Compliance Manager: Security Baselines
Microsoft SCM offers security baselines to help you manage configuration drift, address compliance requirements, and reduce security threats. Security baselines include: a detailed view of security vulnerabilities related to certain servers, applications, operating systems, and/or browser settings; details on the potential impact of configuring significant settings in these areas; recommended countermeasures to address vulnerabilities; technical data required to implement and assess the state of each countermeasure that you implement; and product-specific security guides with detailed instructions and recommendations to help strengthen the security of your servers and computers.

Download Microsoft SCM 3.0 to access security baselines for the following Microsoft products:

Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, and Windows Server 2003
Windows 8, Windows 7, Windows Vista, and Windows XP
Internet Explorer 10, Internet Explorer 9, and Internet Explorer 8
Exchange Server 2010 and Exchange Server 2007
Microsoft Office 2010 and Microsoft Office 2007 SP2


Ensure the Compliance of Devices with System Center Configuration Manager
Configuration Manager provides tools to manage the compliance of devices in your organization to ensure that they all contain consistent configurations and settings. Configuration Manager can automatically remediate many settings when they are found to be noncompliant. Learn about compliance settings in Configuration Manager and get step-by-step guidance on how to create configuration data, and deploy and monitor configuration baselines.

What’s New in Security Auditing in Windows 8 and Windows Server 2012
Explore the auditing enhancements in Windows 8 and Windows Server 2012 that can assist IT professionals who work with Windows 8 and Windows Server 2012 to monitor, troubleshoot, and enforce security compliance in a network.

File Access Auditing in Windows Server 2012
Security Auditing is one of the most powerful tools to help maintain the security of an enterprise. Security audits help establish the presence of data security and privacy policies and prove compliance with industry standards. Additionally, security audits help detect anomalous behavior, identify and mitigate gaps in security policies, and deter irresponsible behavior by creating a trail of user activity that can be used for forensic analysis. Learn how to plan for and deploy the security auditing capabilities in Windows Server 2012.

Windows Azure Compliance Programs
Find detailed information about Windows Azure security compliance programs to help you determine if Windows Azure, and the particular applications you intend to run in Windows Azure, comply with the specific laws and regulations applicable to your industry and use scenarios.

The Compliance Benefits of Better Application Security
The shift toward software dependence has forced businesses to reexamine application security strategies and prompted important questions about the security processes of software suppliers. Looking at true operational security, the risk is too great for software security to be just a line item in a compliance checklist. This paper explores this overlap between compliance and software security, and explains why having a mature software security approach is vital to ensuring broader enterprise IT compliance.

Aligning the Microsoft SDL with PCI DSS/PCI PA-DSS Compliance Activity
This paper demonstrates how the Microsoft Security Development Lifecycle (SDL) can help you meet some of the requirements of the Payment Card Industry Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS).
Community Update
MVP Article of the Month: Threat Modeling Made Easy
Dan Griffin, Microsoft MVP – Enterprise Security
Managing risk in the enterprise is of utmost importance. The good news is that threat modeling is easier than most people think and is an effective process for systematically identifying and mitigating risk. Get some quick tips to help you kick start your own threat modeling project the right way.
Cloud Security Corner
Evaluating Security Needs for Private Cloud
Companies often ask: public or private cloud – which has greater security risk? While there are different sets of risks depending on the organization and their compliance needs, this blog post outlines a few reasons why you might prefer a private cloud.
This Month’s Security Bulletins
Microsoft Security Bulletin Summary for May 2013

Critical
MS13-037: 2829530 Cumulative Security Update for Internet Explorer
MS13-038: 2847204 Security Update for Internet Explorer

Important
MS13-039: 2829254 Vulnerability in HTTP.sys Could Allow Denial of Service
MS13-040: 2836440 Vulnerabilities in .NET Framework Could Allow Spoofing
MS13-041: 2834695 Vulnerability in Lync Could Allow Remote Code Execution
MS13-042: 2830397 Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution
MS13-043: 2830399 Vulnerability in Microsoft Word Could Allow Remote Code Execution
MS13-044: 2834692 Vulnerability in Microsoft Visio Could Allow Information Disclosure
MS13-045: 2813707 Vulnerability in Windows Essentials Could Allow Information Disclosure
MS13-046: 2840221 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege
May 2013 Security Bulletin Resources:
Microsoft Security Response Center (MSRC) Blog Post
Security Bulletin Quick Overview (MP4) – 3000k | 600k | 400k
Security Bulletin Webcast (MP4) – 3000k | 600k | 400k
Security Bulletin Webcast Q&A
Security Events and Training
TechEd North America 2013
June 3-6, 2013 – New Orleans, LA
Learn how you can achieve your business goals while still protecting your assets and infrastructure. With the Architecture & Trustworthy Computing and Windows Client, Access & Management tracks at this year’s TechEd, you’ll learn how to provide consistent and secure user experiences for corporate- or employee-owned devices, while also helping to safeguard corporate data and resources through policy compliance and optimized application delivery. Learn how to leverage Microsoft identity and access management solutions for corporate boundary control and information protection, manage a user’s identity across the datacenter and the cloud, provide secure remote access, and define the resources they have access to, based on who they are, what they are accessing, and from what device.

Windows Intune: Manage and Secure Your PCs and Mobile Devices from the Cloud
Tuesday, June 11, 2013
Deploying patches and software updates while validating your environments security status is important, to not only protect this environment but ensure the devices are operating correctly. Learn how Windows Intune helps organizations keep their PCs and mobile devices well-managed and more secure from virtually anywhere with cloud-based management tools. Can’t make it on June 11th? Join the June 25th session instead.

TechNet Webcast: Information about the June 2013 Security Bulletin Release
Wednesday, June 12, 2013
Join this webcast for a brief overview of the technical details of June’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.

Essential Tools
Microsoft Security Bulletins
Microsoft Security Advisories
Security Compliance Manager
Microsoft Security Development Lifecycle Starter Kit
Enhanced Mitigation Experience Toolkit
Malicious Software Removal Tool
Microsoft Baseline Security Analyzer
Security Centers
Security TechCenter
Security Developer Center
Microsoft Security Response Center
Microsoft Malware Protection Center
Microsoft Privacy
Microsoft Security Product Solution Centers
Additional Resources
Trustworthy Computing Security and Privacy Blogs
Microsoft Security Intelligence Report
Microsoft Security Development Lifecycle
Malware Response Guide
Security Troubleshooting and Support Resources
microsoft.com/about/twc Trustworthy Computing
This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.

© 2013 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Microsoft respects your privacy. To learn more please read our online Privacy Statement.

If you would prefer to no longer receive this newsletter, please click here.

To set your contact preferences for other Microsoft communications click here.

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052 USA

Your cOmment"s Here! Hover Your cUrsOr to leave a cOmment.


Subscribe to: Post Comments (Atom)