Monday, August 26, 2013

Microsoft Security Newsletter - August 2013



Trustworthy Computing | August 2013
Microsoft Security Newsletter
Welcome to August’s Security Newsletter!
This month our newsletter focuses on client security and the security implications of running software that is no longer supported by the software manufacturer. If you have been following Microsoft security news recently, you are likely aware that support for Windows XP ends on April 8, 2014. It is important to note that after this date, customers running Windows XP will no longer receive new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates. This means that any new vulnerabilities discovered in Windows XP after its "end of life" will not be addressed by new security updates from Microsoft.

From a security perspective, if you are running Windows XP, I cannot stress enough the importance of migrating to a newer platform that is supported and can provide increased protections. The very first month that Windows XP goes out of support, attackers will have the advantage. The first month that security updates for supported versions of Windows are released, attackers will reverse engineer those updates, find the vulnerabilities, and test Windows XP to see if it shares those vulnerabilities. If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP. Since security updates will no longer be available for Windows XP to address such vulnerabilities, Windows XP will essentially have a "zero day" vulnerability forever. I discuss this in greater detail in a recent blog post.

This should be concerning for anyone using Windows XP today. If your organization has not started the migration to a modern operating system, it is crucial that you begin planning and application compatibility testing as soon as possible. Based on historical customer deployment data, the average enterprise deployment can take 18 to 32 months from business case through full deployment. If you are looking for resources on how to get started, I encourage you to read the Windows Blog post on "365 Days Remaining Until XP End Of Support. The Countdown Begins" for more detailed questions and answers.

Best regards,
Tim Rains, Director
Microsoft Trustworthy Computing

Have feedback on how we can improve this newsletter? Email us at secnlfb@microsoft.com and share your ideas.
Top Stories
Microsoft Security Response Center Progress Report 2013
Download the latest insights on key security bulletin and Common Vulnerabilities and Exposures (CVE) statistics and explore how several Microsoft Security Response Center (MSRC) programs performed during the one year period between July 2012 and June 2013. Want to learn how to use the data offered in the MSRC Progress Report to make optimized deployment decisions? Read "Using Vulnerability Data to Optimize Security Update Deployments."

New Microsoft Security Intelligence Report Application for Windows
Enhance your access to the vast amount of threat intelligence contained in the Microsoft Security Intelligence Report (SIR) with the new Microsoft SIR desktop application. Designed to work on both Windows 7 and Windows 8, the app provides user-friendly, easy access to all 800+ pages of SIR content, including high-resolution charts, in one convenient place. Download the app today.

The Impact of Security Science in Protecting Customers
Microsoft Trustworthy Computing recently released new research that examines the long-term impact of security mitigations that Microsoft has implemented to address software vulnerabilities. Explore key findings then download the full paper, entitled "Software Vulnerability Exploitation Trends."

Security Guidance
Windows 8 Security Overview
Familiarize yourself with the enterprise-grade security features in Windows 8 that can protect your devices and data from unauthorized access and threats like malware. Looking for information on what’s changed in security in Windows 8.1? See What’s New in Windows 8.1 and the Windows 8.1 Preview FAQ.

Securing the Windows 8 Boot Process
When you run Windows 8 on a Windows 8 certified PC or any PC that supports Unified Extensible Firmware Interface (UEFI), Trusted Boot protects your PC from malware from the moment you power your PC on until your antimalware starts. Learn how Trusted Boot provides better startup security for both company- and personally-owned PCs then get answers to common questions with a short demo and the Windows 8 Boot Security FAQ.

Windows RT in the Enterprise: Security Overview
Windows RT is designed to leverage all of the security technologies present in Windows 8. Learn how Windows RT not only supports these technologies, but how many of them are required for all Windows RT devices to help ensure that devices are protected from the first time they are turned on.

Preparing for BitLocker: Planning and Policies
When you design your BitLocker deployment strategy, you will need to define the appropriate policies and configuration requirements based on the business requirements of your organization. This article will show you how to collect information that you can use to frame your decision-making process about deploying and managing BitLocker systems. Curious about a specific aspect of BitLocker deployment or management? Check out the BitLocker FAQ.

Demo: Deploy BitLocker with MDT and Windows PowerShell
With Windows 8, you can more quickly enable BitLocker Drive Encryption during operating-system deployment. Now you can pre-provision BitLocker before installing Windows 8, and it can encrypt used disk space, rather than encrypting the entire drive. Learn how to deploy BitLocker by using the Microsoft Deployment Toolkit (MDT) and Windows PowerShell.

Try It Out: Encrypt Used Space Only
BitLocker in Windows 8 introduces Used Disk Space Only encryption, which gives you the option to encrypt only space on the drive that is actively being used. Use this quick step-by-step guide to try this process for yourself.

Manage the Identity Lifecycle
Managing identity is ultimately about managing access to your corporate resources. Users authenticate to resources with their identity, then use the properties of that identity (for example, group membership) to get authorized access to resources. See why having a good identity management system in place, with a standard process for provisioning and updating user accounts with their proper groups and other authorizations, helps ensure the right users have access to the right resources.

Cloud Security Corner
Cloud Computing: Privacy, Confidentiality and the Cloud
If you’re in IT, you are frequently processing, storing, or transmitting data that is subject to regulatory and compliance requirements. When that data falls under regulatory or compliance restrictions, your choice of cloud deployment (whether private, hybrid or public) hinges on maintaining the security of information. Learn how to view the cloud as a golden opportunity to achieve better security.

This Month’s Security Bulletins
Microsoft Security Bulletin Summary for August 2013

Critical
MS13-059: 2862772 Cumulative Security Update for Internet Explorer
MS13-060: 2850869 Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution
MS13-061: 2876063 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution

Important
MS13-062: 2849470 Vulnerability in Remote Procedure Call Could Allow Elevation of Privilege
MS13-063: 2859537 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
MS13-064: 2849568 Vulnerability in Windows NAT Driver Could Allow Denial of Service
MS13-065: 2868623 Vulnerability in ICMPv6 Could Allow Denial of Service
MS13-066: 2873872 Vulnerability in Active Directory Federation Services Could Allow Information Disclosure
August 2013 Security Bulletin Resources:
Microsoft Security Response Center (MSRC) Blog Post
Security Bulletin Quick Overview (MP4) – 3000k | 600k | 400k
Security Bulletin Webcast (MP4) – 3000k | 600k | 400k
Security Bulletin Webcast Q&A
Security Events and Training
Windows 8 Jump Start: Recovery and Security
Learn how to better control, secure, and manage Windows 8 PCs with BitLocker, UEFI, Secure Boot, Measured Boot, and the Diagnostics and Recovery Toolset (DaRT). This course will go over the security features integrated into Windows 8 and then walk you through the process of resetting and refreshing PCs, deploying recovery images, and much more.

Microsoft Webcast: Information about the September 2013 Security Bulletin Release
Wednesday, September 11, 2013
Join this webcast for a brief overview of the technical details of September’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.

Microsoft Webcast: Information about the October 2013 Security Bulletin Release
Wednesday, October 9, 2013
Join this webcast for a brief overview of the technical details of October’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.

Essential Tools
Microsoft Security Bulletins
Microsoft Security Advisories
Security Compliance Manager
Microsoft Security Development Lifecycle Starter Kit
Enhanced Mitigation Experience Toolkit
Malicious Software Removal Tool
Microsoft Baseline Security Analyzer
Security Centers
Security TechCenter
Security Developer Center
Microsoft Security Response Center
Microsoft Malware Protection Center
Microsoft Privacy
Microsoft Security Product Solution Centers
Additional Resources
Trustworthy Computing Security and Privacy Blogs
Microsoft Security Intelligence Report
Microsoft Security Development Lifecycle
Malware Response Guide
Security Troubleshooting and Support Resources
Trustworthy Computing Careers
This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.

© 2013 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
