Wednesday, February 26, 2014

Microsoft Security Newsletter - February 2014



 
 
Trustworthy Computing | February 2014
Microsoft Security Newsletter
 
 
Welcome to February’s Security Newsletter!
The theme for our newsletter this month focuses in on the importance of data classification in helping to manage risk for sensitive data. With the proliferation of devices on the market today, many IT professionals I talk with struggle with how to manage sensitive data on end point devices. For some, data classification has already become a part of their culture and plays a role in managing their organization’s data. For others though, this is either a new concept or one that organizations struggle to implement.

Given the importance and relevance of this topic in today’s environment, we have published two papers that are recommended reading for any IT professional seeking to learn more about data classification and how it can help organizations better manage risk:

"Data Classification for Cloud Readiness" outlines the risks and issues that can be mitigated to ensure a smoother transition to a cloud service. The paper also discusses technologies such as encryption, rights management, and data loss prevention solutions and how their implementation has evolved in the cloud era. The paper’s appendix then identifies some of today’s top data classification regulations and compliance requirements.
 
"CISO Perspectives on Data Classification" provides insight from the chief information security officers (CISOs) of three organizations about key data classification issues and challenges, and how they have implemented data classification.

In addition to these materials, I would also suggest checking out the video from our Cloud Fundamentals Video Series titled " All Data is not Created Equal." If your organization has implemented a data classification process and believe others could benefit from your experiences, we want to hear from you. Please connect with us either through email or via Twitter @MSFTSecurity.

Tim Rains Best regards,
Tim Rains, Director
Microsoft Trustworthy Computing

Have feedback on how we can improve this newsletter? Email us at secnlfb@microsoft.com and share your ideas.
 
Top Stories
 
Now Available: EMET 5.0 Technical Preview
Microsoft has released a new version of its Enhanced Mitigation Experience Toolkit (EMET), the EMET 5.0 Technical Preview. The new version offers new protections for enterprises that build on the 12 security mitigations included in version 4.1, for example, a new Attack Surface Reduction security mitigation and further refinements to Export Address Table Access Filtering (EAF). Learn how you can use the EMET 5.0 Technical Preview today to protect your software applications and better test and deploy security updates for applications that you run in your environment.

The NIST Cybersecurity Framework: A Significant Milestone towards Critical Infrastructure Resiliency
Developed over the past year through collaboration between industry and government, the National Institute of Standards and Technology (NIST) Cybersecurity Framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. Explore Microsoft’s involvement in the development of the framework, and learn how Microsoft’s approach to managing cybersecurity risks is consistent with the Cybersecurity Framework’s security and privacy guidance.

Threats in the Cloud
Get guidance on how to manage the risks associated with two of the primary threats to cloud service providers and their customers: attacks on the global Domain Name System (DNS) infrastructure and Distributed Denial of Service (DDoS) attacks in the blog series from Microsoft Trustworthy Computing Director Tim Rains.

 
Security Guidance
 
Dynamic Access Control with Windows Server 2012
Learn how you can apply data governance across your file servers to control who can access information and to audit who has accessed information with step-by-step guidance on how to plan for and deploy:

Central access policies
 
File access auditing
 
Access-denied assistance
 
Classification-based encryption for Microsoft Office documents
 
Retention policies for information on file servers

Microsoft Data Classification Toolkit
If your organization is running Windows Server 2012 or Windows Server 2008 R2 Service Pack 1, the Data Classification Toolkit can help you identify, classify, and protect the data on your file servers. The out-of-the-box classification and rule examples included in the toolkit can also help you build and deploy policies to protect critical information on the file servers in your environment.

Plan for Automatic File Classification
File Classification Infrastructure in Windows Server 2012 provides insight into your data by automating classification processes so that you can manage your data more effectively. Learn how to identify what information to classify in your environment, how to classify files, and how to export the configuration from a baseline computer to your file servers. Step-by-step deployment guidance is also available.

BitLocker: Planning and Policies
BitLocker encrypts the hard drives on your computer to provide enhanced protection against data theft or exposure on computers and removable drives that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned. Find out how to plan for a successful deployment of BitLocker by determining the appropriate policies and configuration requirements for your organization then learn how to deploy BitLocker using the Microsoft Deployment Toolkit (MDT) and Windows PowerShell.

 
This Month's Security Bulletins
 
February 2014 Security Bulletins

Critical
 
MS14-007: 2912390 Vulnerability in Direct2D Could Allow Remote Code Execution
 
MS14-008: 2927022 Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution
 
MS14-010: 2909921 Cumulative Security Update for Internet Explorer
 
MS14-011: 2928390 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution

Important
 
MS14-005: 2916036 Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure
 
MS14-006: 2904659 Vulnerability in IPv6 Could Allow Denial of Service
 
MS14-009: 2916607 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege
 
February 2014 Security Bulletin Resources:
 
Microsoft Security Response Center (MSRC) Blog Post
 
Security Bulletin Webcast
 
Security Bulletin Webcast Q&A
 
Security Events and Training
 
Microsoft Virtual Academy: Windows Server 2012 R2 Access and Information Protection
In this course, you will learn how Windows Server 2012 R2 can help you provision, manage, and secure devices—and protect valuable data—while creating a seamless experience for the user. Looking for specific training on the Dynamic Access Control features in Windows Server 2012? Check out the Windows Server 2012: Identity and Access course.

Microsoft Virtual Academy: Windows Azure Security Overview
Familiarize yourself with the security mechanisms included with Windows Azure at the physical, network, host, application, and data layers, including the privacy, policies, infrastructure, and security mechanisms designed to protect customer data.

Microsoft Webcast: Information about the March 2014 Security Bulletin Release
Wednesday, March 12, 2014 – 11:00AM Pacific Time
Join this webcast for a brief overview of the technical details of March’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.

Overview of Office 365 for Government
Wednesday, March 19, 2014 – 11:00AM Pacific Time
Learn how Office 365 can help government employees collaborate and stay productive from anywhere with secure, cloud-based versions of familiar applications. Explore Office 365 and learn how Microsoft’s Government Community Cloud can help you increase productivity and reduce costs while keeping your data secure and compliant.

Microsoft Webcast: Information about the April 2014 Security Bulletin Release
Wednesday, April 9, 2014 – 11:00AM Pacific Time
Join this webcast for a brief overview of the technical details of April’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.

TechEd North America 2014
May 12-15, 2014 – Houston, Texas
In 2014, Microsoft is bringing together the best of TechEd and the Microsoft Management Summit (MMS) to help skilled technology professionals increase their technical expertise, share best practices, and interaction with Microsoft and a variety of industry experts and their peers. Explore the security aspects of data platforms and business intelligence, datacenter and infrastructure management, people-centric IT, Windows (devices and Windows Phone), and much more. Register today.

 
 
Essential Tools
 
Microsoft Security Bulletins
 
Microsoft Security Advisories
 
Security Compliance Manager
 
Microsoft Security Development Lifecycle Starter Kit
 
Enhanced Mitigation Experience Toolkit
 
Malicious Software Removal Tool
 
Microsoft Baseline Security Analyzer
Security Centers
 
Security TechCenter
 
Security Developer Center
 
Microsoft Security Response Center
 
Microsoft Malware Protection Center
 
Microsoft Privacy
 
Microsoft Security Product Solution Centers
Additional Resources
 
Trustworthy Computing Security and Privacy Blogs
 
Microsoft Security Intelligence Report
 
Microsoft Security Development Lifecycle
 
Malware Response Guide
 
Security Troubleshooting and Support Resources
 
Trustworthy Computing Careers
 
 
microsoft.com/about/twc Trustworthy Computing
 
 
This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.

© 2014 Microsoft Corporation Terms of Use | Trademarks

Microsoft respects your privacy. To learn more please read our online Privacy Statement.

If you would prefer to no longer receive this newsletter, please click here.

To set your contact preferences for other Microsoft communications click here.

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052 USA
 
 

Your cOmment"s Here! Hover Your cUrsOr to leave a cOmment.


Subscribe to: Post Comments (Atom)