Wednesday, July 24, 2013

Microsoft Security Newsletter - July 2013



Trustworthy Computing | July 2013
Microsoft Security Newsletter
Welcome to July’s Security Newsletter!
This month our newsletter focuses on the Bring Your Own Device (BYOD) trend in the workplace and the implications it has for IT professionals. For many organizations, allowing employees to bring in personal computing devices—such as smart phones, tablets and PCs—can improve productivity and reduce the costs associated with deploying and supporting company-issued assets. As a result, BYOD has become a popular trend that is gaining wide acceptance in locations around the world. Microsoft recently commissioned the Trust in Computing survey to help uncover current attitudes and perceptions related to security and privacy. The study found that 78% of organizations allow employees to bring their own computing devices to the office for work purposes. There were also some interesting regional variations that can be seen in the chart below.

While the immediate benefits of BYOD might seem clear, they also come with IT security and management implications as IT departments can lose some of the control they traditionally exercised over managed resources. The security challenges of BYOD include enforcing policies like the use of strong passwords on multiple devices, ensuring that every device has up-to-date patches and robust anti-malware protection, the encryption of sensitive data, and mitigating other risks such as the loss of devices and the use of unsecured third-party data connections. Recognizing the benefits that BYOD can provide, Microsoft has designed its products and services with BYOD-friendly policies in mind. There are a few resources I suggest for diving deeper if you are interested in learning more about the topic and Microsoft’s approach:

Trust in Computing Survey, Part 1: Consumerization of IT Goes Mainstream
Managing Windows 8 Devices in a Bring Your Own Device World
How to Embrace BYOD: Guidance for Enterprises

Finally, I’d like to thank those of you who sent us your ideas on how to improve this newsletter moving forward. We are always looking for additional feedback so email us at secnlfb@microsoft.com and share your ideas.

Best regards,
Tim Rains, Director
Microsoft Trustworthy Computing
Top Stories
What’s New in Windows Server 2012 R2: Making Device Users Productive and Protecting Corporate Information
The modern workforce isn’t just better connected and more mobile than ever before, it’s also more discerning (and demanding) about the hardware and software used on the job. Get a helpful overview of the architecture and critical components of People-centric IT (PCIT), learn how to embrace the consumerization of IT, and get insight into the technologies that will help you enable BYOD scenarios in your organization.

Trust in Computing Survey, Part 2: Less Than Half of Developers Use a Security Development Process
The threat landscape is continually evolving. Attackers are constantly seeking out new ways to compromise potential victims on a broad or targeted scale. They attempt to exploit unpatched vulnerabilities, use deceitful tactics to trick users into installing malicious software, attempt to guess weak passwords, and employ other dirty tricks. Despite this reality, a large number of organizations are still not developing applications with security in mind. Explore the reasons behind this concerning trend.

Trustworthy Computing Blog App Now Available for Windows Phone 8
Learn about the improvements available in the new version of our Trustworthy Computing Blogs Windows Phone application, which include optimization for Windows Phone 8 users, live tile notifications, and improved graphics.

Security Guidance
Windows Server 2012 R2 Preview: What's New in Access and Information Protection
In Windows Server 2012 R2 Preview, Active Directory has been enhanced to allow IT risk management while also enabling IT to empower their users to be productive from a variety of devices. Learn about these enhancements, then get step-by-step guidance with these walkthroughs:

Workplace Join with a Windows Device
Workplace Join with an iOS Device
Connect to Applications and Services from Anywhere with Web Application Proxy
Manage Risk with Multi-factor Access Control
Manage Risk with Additional Multi-Factor Authentication for Sensitive Applications

How to Manage Mobile Devices by Using Configuration Manager and Windows Intune
Learn how to manage apps for Windows Phone 8, Windows RT, iOS, and Android devices by using the Windows Intune service and the System Center Configuration Manager console.

Ensure the Compliance of Devices with Configuration Manager
System Center 2012 Configuration Manager SP1 contains new capabilities you can use to manage roaming profiles, offline files, and folder redirection on computers that run Windows 8 in your organization. Learn how to create configuration data, and deploy and manage configuration baselines, in order to ensure that your devices all contain consistent configurations and settings, and even automatically remediate settings found to be noncompliant.

When to Use AppLocker
AppLocker is an application control feature in Windows Server 2012, Windows Server 2008 R2, Windows 8, and Windows 7 that helps you control which applications and files users can run. Find out how AppLocker can help you to protect the digital assets within your organization, reduce the threat of malicious software being introduced into your environment, and improve the management of application control and the maintenance of application control policies.

Windows RT in the Enterprise: Security Technologies
Windows RT is designed to leverage all of the security technologies present in Windows 8, several of which are new. Explore why Windows RT not only supports these technologies, but requires many of them for all Windows RT devices to help ensure that the devices are protected from the first time they are turned on.

Messaging Policy and Compliance in Exchange Server 2013
Messaging stores and mailboxes have become repositories of valuable data. Explore the messaging policy and compliance features in Exchange Server 2013, then get step-by-step guidance to help you configure key features such as Data Loss Prevention (DLP) and messaging records management (MRM).

Cloud Security Corner
Cloud Security: Best Practices and Recommended Resources
As cloud computing begins to mature, organizations are looking at ways to understand the opportunities and assess their own current IT environment with regard to security, privacy and reliability practices, policies and compliance. To help organizations make informed security decisions and evaluate IT readiness for moving assets to the cloud, check out the top two resources recommended by Microsoft Trustworthy Computing General Manager Adrienne Hall.

This Month’s Security Bulletins
Microsoft Security Bulletin Summary for June 2013

Critical
MS13-052: 2861561 Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution
MS13-053: 2850851 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
MS13-054: 2848295 Vulnerability in GDI+ Could Allow Remote Code Execution
MS13-055: 2846071 Cumulative Security Update for Internet Explorer
MS13-056: 2845187 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
MS13-057: 2847883 Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution

Important
MS13-058: 2847927 Vulnerability in Windows Defender Could Allow Elevation of Privilege
July 2013 Security Bulletin Resources:
Microsoft Security Response Center (MSRC) Blog Post
Security Bulletin Quick Overview (MP4) – 3000k | 600k | 400k
Security Bulletin Webcast (MP4) – 3000k | 600k | 400k
Security Bulletin Webcast Q&A
Security Events and Training
Virtual Lab: Enabling Secure Remote Users with RemoteApp, DirectAccess, and Dynamic Access Control

Windows Server 2012 provides new features to easily implement secure remote user features. In this lab, you will begin by leveraging both RemoteApp and VDI to allow users to work securely on remote applications from home computers. Next, you will grant those users access to corporate resources by enabling them to leverage DirectAccess. Finally, you will grant those users access to secure files via Dynamic Access Control by modifying properties of the user accounts.

Microsoft Webcast: Information about the August 2013 Security Bulletin Release
Wednesday, August 14, 2013
Join this webcast for a brief overview of the technical details of August’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.

Microsoft Webcast: Information about the September 2013 Security Bulletin Release
Wednesday, September 11, 2013
Join this webcast for a brief overview of the technical details of September’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.

Essential Tools
Microsoft Security Bulletins
Microsoft Security Advisories
Security Compliance Manager
Microsoft Security Development Lifecycle Starter Kit
Enhanced Mitigation Experience Toolkit
Malicious Software Removal Tool
Microsoft Baseline Security Analyzer
Security Centers
Security TechCenter
Security Developer Center
Microsoft Security Response Center
Microsoft Malware Protection Center
Microsoft Privacy
Microsoft Security Product Solution Centers
Additional Resources
Trustworthy Computing Security and Privacy Blogs
Microsoft Security Intelligence Report
Microsoft Security Development Lifecycle
Malware Response Guide
Security Troubleshooting and Support Resources
microsoft.com/about/twc Trustworthy Computing
This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.

© 2013 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.


Microsoft Corporation
One Microsoft Way
Redmond, WA 98052 USA
