Students, do you live to code?

Having trouble viewing this email? View as a webpage.       Student Connect with Student:           Visual Studio Professional 2013 Release Candidate is available now to students at no cost on DreamSpark.com. With Visual Studio Pro 2013, you can create amazing apps on Windows, Windows Phone, Office, the web, or the cloud. Be among the first to try the new tool, start coding like a pro developer, and hone the dev skills that can help you land the job of your dreams. Download now.       free technical training at microsoft virtual academy Get free Microsoft training delivered by experts at Microsoft Virtual Academy. Check out the lineup of free, intro-level development courses and learn at your own pace. Skill up in HTML5 & CSS3, C#, Windows Phone 8 and more       It's time for Imagine Cup 2014 Visit Imaginecup.com and enter one of three BIG competitions: World Citizenship, Innovation, and Games. Got a great idea? Enter the Video Pitch Challenge where you can compete for $3,000 (USD) by creating a five minute (or less) pitch video. LEARN MORE AND GET REGISTERED TODAY         STUDENTS SPARK CHANGE Check out our YouthSpark Challenge for Change winners! The Challenge asked students to share how Windows and Office could help them address a social issue. The winners just returned from a volunteer trip to Kenya, ready to take their ideas to the next level. FOLLOW THE STORIES OF THE CHALLENGE WINNERS               DOWNLOAD THE WINDOWS GETTING STARTED GUIDE       DOWNLOAD THE WINDOWS PHONE GETTING STARTED GUIDE       DOWNLOAD THE WINDOWS AZURE GETTING STARTED GUIDE         Like us Follow us       Microsoft respects your privacy. Please read our online Privacy Statement. If you would prefer not to receive future promotional emails from Microsoft Corporation please click here. These settings will not affect any mandatory service communications that are considered part of certain Microsoft services. To set your contact preferences for Microsoft Communications, click here. Microsoft Corporation One Microsoft Way Redmond, WA 98052 USA

Microsoft Security Newsletter - September 2013

Trustworthy Computing | September 2013 Microsoft Security Newsletter     Welcome to September’s Security Newsletter! This month our newsletter focuses on application security. With the growing popularity of apps today, and their wide range of use such as the processing of financial data or storing of personal information, it is critically important that application developers build apps with security in mind. To help developers protect their applications from malicious attacks, Microsoft has integrated security technologies into our software commonly used for development. Windows 8 and Visual Studio 2012 provide a set of application programming interfaces (APIs), controls, and tools to help minimize application vulnerabilities and mitigate common security problems. In Visual Studio 2012, security technologies such as /GS, address space layout randomization (ASLR), Data Execution Prevention (DEP), and Structured Exception Handling Overwrite Protection (SEHOP) are enabled by default for native code within the application. When developers compile their applications, these security technologies are integrated. In addition, Microsoft provides an Application Certification Kit. This kit is designed to help developers validate and test their applications on their computer before they submit them for certification and listing in the Windows Store. While on the topic of applications, Microsoft has released a new Security Intelligence Report app for Windows. If you are not familiar with the Microsoft Security Intelligence Report (SIR), it provides threat intelligence for 100+ countries/regions around the world and is designed to help IT professionals manage risk within their organizations. This new app is designed to work on Windows 7 and Windows 8 and provides our readers with an enhanced way to access the vast amount of threat intelligence contained in the SIR. The app includes all 800+ pages of content from SIR Volume 14, the latest volume of the report, and is fully searchable. This makes it easy to find every mention of a particular threat or country/region. It also provides an easy way to access high fidelity charts with “save as” functionality. In addition, the application is reader friendly with the integration of glossary terms in the body of the report. You can download the app today at http://aka.ms/GetSIRApp. We hope you enjoy it and encourage you to provide feedback to our Twitter handle @MSFTSecurity. Best regards, Tim Rains, Director Microsoft Trustworthy Computing Have feedback on how we can improve this newsletter? Email us at secnlfb@microsoft.com and share your ideas.   Top Stories   Financial Services: A Survey of the State of Secure Application Development Processes Organizations in the financial services industry handle trillions of transactions each year involving sensitive information about individuals, companies, and other third parties. To help protect this sensitive information it is important that financial services organizations are developing, procuring, and using software applications that have been developed with security in mind. As a result, Microsoft recently commissioned an independent research and consultancy firm to examine the current state of application development in the financial services sector from a security perspective. Explore their findings by downloading the report, “Microsoft Security Development Lifecycle Adoption: Why and How today.” MAPP Initiatives Update – Knowledge Exchange Platform A little more than a month ago, Microsoft announced some new initiatives for the Microsoft Active Protections Program (MAPP). Learn how the program is moving forward with its first two initiatives, one of which is a new automated knowledge exchange platform that provides the ability to automate the sharing and consumption of threat information in machine readable formats.   Security Guidance   Microsoft SDL Optimization Model Designed for development managers and IT policymakers, this step-by-step model helps you gradually move your organization toward the adoption of the Microsoft SDL to reduce customer risk. Included are tools that will enable you to: a) assess the state of your development organization with four maturity levels; b) create a practical vision and roadmap for improving your organizations software development capability; and c) outline practical and cost-effective activities in each of the five capability areas to assist with budgeting, planning, and staffing efforts associated with software. SDL Process Template Get a downloadable template that automatically integrates the policy, process, and tools associated with the Microsoft SDL process guidance directly into your Visual Studio Team System (VSTS) software development environment. SDL Threat Modeling Tool Threat modeling is a core element of the Microsoft SDL. The SDL Threat Modeling makes threat modeling easier for developers of all skill levels to communicate about the security design of their systems, analyze those designs for potential security issues using a proven methodology, and suggest and manage mitigations for security issues. Using the SDL for LOB Windows 8 Apps Learn how to build security into your Windows Store line-of-business apps with measurable results. Web to Windows 8: Security With Windows 8, JavaScript plays an important part in the overall security of your app by providing the tools necessary to secure data, validate input and separate potentially malicious content. This article will show you how you can adjust some of the habits you bring from web development so that you can produce more secure Windows Store apps using HTML5, JavaScript and the security features of the Windows Runtime. Using the SDL for LOB Windows 8 Apps Learn how to build security into your Windows Store line-of-business apps with measurable results. Learn how to build security into your Windows Store line-of-business apps with measurable results. Beyond the buzz of Web 2.0, mashup applications (also called hybrid or situational applications) bring the promise of creating meaningful experiences by feeding other people’s data to your application. Learn to mitigate security issues that can come along with a mashup application in this series of articles from MSDN’s Script Junkie.   Cloud Security Corner   Cloud Computing: Privacy, Confidentiality and the Cloud If you’re in IT, you are frequently processing, storing, or transmitting data that is subject to regulatory and compliance requirements. When that data falls under regulatory or compliance restrictions, your choice of cloud deployment (whether private, hybrid or public) hinges on maintaining the security of information. Learn how to view the cloud as a golden opportunity to achieve better security.   This Month's Security Bulletins   September 2013 Security Bulletins Critical   • MS13-067: 2834052 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution   • MS13-068: 2756473 Vulnerability in Microsoft Outlook Could Allow Remote Code Execution   • MS13-069: 2870699 Cumulative Security Update for Internet Explorer   • MS13-070: 2876217 Vulnerability in OLE Could Allow Remote Code Execution Important   • MS13-071: 2864063 Vulnerability in Windows Theme File Could Allow Remote Code Execution   • MS13-072: 2845537 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution   • MS13-073: 2858300 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution   • MS13-074: 2848637 Vulnerabilities in Microsoft Access Could Allow Remote Code Execution   • MS13-075: 2878687 Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege   • MS13-076: 2876315 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege   • MS13-077: 2872339 Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege   • MS13-078: 2825621 Vulnerability in FrontPage Could Allow Information Disclosure   • MS13-079: 2853587 Vulnerability in Active Directory Could Allow Denial of Service   September 2013 Security Bulletin Resources:   • Microsoft Security Response Center (MSRC) Blog Post   • Security Bulletin Webcast (MP4) – 3000k | 600k | 400k   • Security Bulletin Webcast Q&A   Security Events and Training   Microsoft SDL Training Learn how to implement the foundational concepts of the Microsoft SDL and build better software. Topics include secure design, threat modeling, secure coding, security testing, and best practices surrounding privacy. This training is designed specifically for software development team members in technical roles (developers, testers, and program managers). Microsoft Webcast: Information about the October 2013 Security Bulletin Release Wednesday, October 9, 2013 Join this webcast for a brief overview of the technical details of October’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts. Microsoft Webcast: Information about the November 2013 Security Bulletin Release Wednesday, November 13, 2013 Join this webcast for a brief overview of the technical details of November’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.     Essential Tools   • Microsoft Security Bulletins   • Microsoft Security Advisories   • Security Compliance Manager   • Microsoft Security Development Lifecycle Starter Kit   • Enhanced Mitigation Experience Toolkit   • Malicious Software Removal Tool   • Microsoft Baseline Security Analyzer Security Centers   • Security TechCenter   • Security Developer Center   • Microsoft Security Response Center   • Microsoft Malware Protection Center   • Microsoft Privacy   • Microsoft Security Product Solution Centers Additional Resources   • Trustworthy Computing Security and Privacy Blogs   • Microsoft Security Intelligence Report   • Microsoft Security Development Lifecycle   • Malware Response Guide   • Security Troubleshooting and Support Resources   • Trustworthy Computing Careers     microsoft.com/about/twc Trustworthy Computing     This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter. © 2013 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Microsoft respects your privacy. To learn more please read our online Privacy Statement. If you would prefer to no longer receive this newsletter, please click here. To set your contact preferences for other Microsoft communications click here. Microsoft Corporation One Microsoft Way Redmond, WA 98052 USA