Microsoft Security Newsletter - February 2014

Trustworthy Computing | February 2014 Microsoft Security Newsletter     Welcome to February’s Security Newsletter! The theme for our newsletter this month focuses in on the importance of data classification in helping to manage risk for sensitive data. With the proliferation of devices on the market today, many IT professionals I talk with struggle with how to manage sensitive data on end point devices. For some, data classification has already become a part of their culture and plays a role in managing their organization’s data. For others though, this is either a new concept or one that organizations struggle to implement. Given the importance and relevance of this topic in today’s environment, we have published two papers that are recommended reading for any IT professional seeking to learn more about data classification and how it can help organizations better manage risk: • "Data Classification for Cloud Readiness" outlines the risks and issues that can be mitigated to ensure a smoother transition to a cloud service. The paper also discusses technologies such as encryption, rights management, and data loss prevention solutions and how their implementation has evolved in the cloud era. The paper’s appendix then identifies some of today’s top data classification regulations and compliance requirements.   • "CISO Perspectives on Data Classification" provides insight from the chief information security officers (CISOs) of three organizations about key data classification issues and challenges, and how they have implemented data classification. In addition to these materials, I would also suggest checking out the video from our Cloud Fundamentals Video Series titled " All Data is not Created Equal." If your organization has implemented a data classification process and believe others could benefit from your experiences, we want to hear from you. Please connect with us either through email or via Twitter @MSFTSecurity. Best regards, Tim Rains, Director Microsoft Trustworthy Computing Have feedback on how we can improve this newsletter? Email us at secnlfb@microsoft.com and share your ideas.   Top Stories   Now Available: EMET 5.0 Technical Preview Microsoft has released a new version of its Enhanced Mitigation Experience Toolkit (EMET), the EMET 5.0 Technical Preview. The new version offers new protections for enterprises that build on the 12 security mitigations included in version 4.1, for example, a new Attack Surface Reduction security mitigation and further refinements to Export Address Table Access Filtering (EAF). Learn how you can use the EMET 5.0 Technical Preview today to protect your software applications and better test and deploy security updates for applications that you run in your environment. The NIST Cybersecurity Framework: A Significant Milestone towards Critical Infrastructure Resiliency Developed over the past year through collaboration between industry and government, the National Institute of Standards and Technology (NIST) Cybersecurity Framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. Explore Microsoft’s involvement in the development of the framework, and learn how Microsoft’s approach to managing cybersecurity risks is consistent with the Cybersecurity Framework’s security and privacy guidance. Threats in the Cloud Get guidance on how to manage the risks associated with two of the primary threats to cloud service providers and their customers: attacks on the global Domain Name System (DNS) infrastructure and Distributed Denial of Service (DDoS) attacks in the blog series from Microsoft Trustworthy Computing Director Tim Rains.   Security Guidance   Dynamic Access Control with Windows Server 2012 Learn how you can apply data governance across your file servers to control who can access information and to audit who has accessed information with step-by-step guidance on how to plan for and deploy: • Central access policies   • File access auditing   • Access-denied assistance   • Classification-based encryption for Microsoft Office documents   • Retention policies for information on file servers Microsoft Data Classification Toolkit If your organization is running Windows Server 2012 or Windows Server 2008 R2 Service Pack 1, the Data Classification Toolkit can help you identify, classify, and protect the data on your file servers. The out-of-the-box classification and rule examples included in the toolkit can also help you build and deploy policies to protect critical information on the file servers in your environment. Plan for Automatic File Classification File Classification Infrastructure in Windows Server 2012 provides insight into your data by automating classification processes so that you can manage your data more effectively. Learn how to identify what information to classify in your environment, how to classify files, and how to export the configuration from a baseline computer to your file servers. Step-by-step deployment guidance is also available. BitLocker: Planning and Policies BitLocker encrypts the hard drives on your computer to provide enhanced protection against data theft or exposure on computers and removable drives that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned. Find out how to plan for a successful deployment of BitLocker by determining the appropriate policies and configuration requirements for your organization then learn how to deploy BitLocker using the Microsoft Deployment Toolkit (MDT) and Windows PowerShell.   This Month's Security Bulletins   February 2014 Security Bulletins Critical   • MS14-007: 2912390 Vulnerability in Direct2D Could Allow Remote Code Execution   • MS14-008: 2927022 Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution   • MS14-010: 2909921 Cumulative Security Update for Internet Explorer   • MS14-011: 2928390 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution Important   • MS14-005: 2916036 Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure   • MS14-006: 2904659 Vulnerability in IPv6 Could Allow Denial of Service   • MS14-009: 2916607 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege   February 2014 Security Bulletin Resources:   • Microsoft Security Response Center (MSRC) Blog Post   • Security Bulletin Webcast   • Security Bulletin Webcast Q&A   Security Events and Training   Microsoft Virtual Academy: Windows Server 2012 R2 Access and Information Protection In this course, you will learn how Windows Server 2012 R2 can help you provision, manage, and secure devices—and protect valuable data—while creating a seamless experience for the user. Looking for specific training on the Dynamic Access Control features in Windows Server 2012? Check out the Windows Server 2012: Identity and Access course. Microsoft Virtual Academy: Windows Azure Security Overview Familiarize yourself with the security mechanisms included with Windows Azure at the physical, network, host, application, and data layers, including the privacy, policies, infrastructure, and security mechanisms designed to protect customer data. Microsoft Webcast: Information about the March 2014 Security Bulletin Release Wednesday, March 12, 2014 – 11:00AM Pacific Time Join this webcast for a brief overview of the technical details of March’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts. Overview of Office 365 for Government Wednesday, March 19, 2014 – 11:00AM Pacific Time Learn how Office 365 can help government employees collaborate and stay productive from anywhere with secure, cloud-based versions of familiar applications. Explore Office 365 and learn how Microsoft’s Government Community Cloud can help you increase productivity and reduce costs while keeping your data secure and compliant. Microsoft Webcast: Information about the April 2014 Security Bulletin Release Wednesday, April 9, 2014 – 11:00AM Pacific Time Join this webcast for a brief overview of the technical details of April’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts. TechEd North America 2014 May 12-15, 2014 – Houston, Texas In 2014, Microsoft is bringing together the best of TechEd and the Microsoft Management Summit (MMS) to help skilled technology professionals increase their technical expertise, share best practices, and interaction with Microsoft and a variety of industry experts and their peers. Explore the security aspects of data platforms and business intelligence, datacenter and infrastructure management, people-centric IT, Windows (devices and Windows Phone), and much more. Register today.     Essential Tools   • Microsoft Security Bulletins   • Microsoft Security Advisories   • Security Compliance Manager   • Microsoft Security Development Lifecycle Starter Kit   • Enhanced Mitigation Experience Toolkit   • Malicious Software Removal Tool   • Microsoft Baseline Security Analyzer Security Centers   • Security TechCenter   • Security Developer Center   • Microsoft Security Response Center   • Microsoft Malware Protection Center   • Microsoft Privacy   • Microsoft Security Product Solution Centers Additional Resources   • Trustworthy Computing Security and Privacy Blogs   • Microsoft Security Intelligence Report   • Microsoft Security Development Lifecycle   • Malware Response Guide   • Security Troubleshooting and Support Resources   • Trustworthy Computing Careers     microsoft.com/about/twc Trustworthy Computing     This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter. © 2014 Microsoft Corporation Terms of Use | Trademarks Microsoft respects your privacy. To learn more please read our online Privacy Statement. If you would prefer to no longer receive this newsletter, please click here. To set your contact preferences for other Microsoft communications click here. Microsoft Corporation One Microsoft Way Redmond, WA 98052 USA

Microsoft in Government Newsletter: Virtual Summit March 4th, Save in the Cloud, Big Data

Subscribe |  View as webpage Real Impact for a Lean and Modern Government Learn How: www.microsoft.com/government Microsoft Virtual Federal Forum March 4th, 2014 Streaming LIVE from 8am-2:30pm EST Presented by REGISTER NOW Please join us March 4th for the Microsoft Virtual Federal Forum where, in a short time and from your desk, you can actively engage in the discussion of the technology trends and issues impacting you today, and tomorrow. The Honorable Tom Ridge, Former Secretary of the U.S. Department of Homeland Security, will be speaking on The Global Mission to Secure Cyberspace and will be available to virtual attendees only for Q&A. Twice elected Governor of Pennsylvania, Governor Ridge was also lauded for his aggressive technology strategy that helped fuel the state's advances in the priority areas of economic development, education, health and the environment. Panelists from Veteran Affairs, the U.S. Navy and the Environmental Protection Agency will share lessons learned as they have sought to increase mission and cost-effectiveness through technology. Guests include: Vaughn Noga, Acting Principal Deputy Assistant Administrator for Environmental Information, and Acting Deputy CIO, EPA Captain Scott Langley, USN, MCSE CEH CISSP, Commander Navy Reserve Forces Command N6 / Chief Technology Officer Maureen Ellenberger, Veterans Relationship Management, Program Manager, Veteran Affairs. Leaders from Microsoft will address our own lessons learned, and innovations coming into market, as we've enabled an increasingly mobile workforce requiring great security, run our business in the cloud, and learned new ways to increase productivity through social computing. Special sessions will focus on Department of Defense usage of Unified Communications, Dynamics CRM Productivity Applications & Mobile Devices Demonstrations Virtual attendees get bonus session material, take live polls and surveys, and can share ideas and ask questions to experts and executives through Chat, Twitter and Q&A. As an attendee of the virtual forum, we will help you put concepts into action, with a free 30 day trial for Office 365, buy back offers to help you move to newer hardware, and briefings on IaaS and datacenter transformation... All helping you make clear decisions on cloud computing and device strategies at your agency. See the full agenda for more information. REGISTER NOW Don't Wait! Register for the Microsoft Virtual Federal Forum March 4th, 2014. Registration is FREE! Manage Your Profile Please help us ensure that the content we are providing is most relevant to you and your organization by completing your profile. Update Your Profile REGISTER NOW Date: Tuesday, March 4, 2014 Time: 8:00 AM - 2:30 PM EST Keynote Speaker: The Honorable Tom Ridge Former Secretary U.S. Dept. of Homeland Security Location: Streaming LIVE from the Reagan Center in Washington, D.C. Share: Deliver lean government in the cloud Manage, enrich, and utilize agency data Connect government employees and citizens What's the real impact of virtualization on lean government? Download the infographic Federal Cloud: Manageability, Security, and Savings Download the whitepaper Learn how big data can help government agencies Download the whitepaper Where Big Data meets the Cloud Download the infographic Register for the Office 365 Webcast Series March 5 March 12 March 19 March 26 Learn more about this and other lean and modern government technology solutions at http://www.microsoft.com/government Microsoft respects your privacy. Please read our online Privacy Statement If you would prefer to no longer receive this newsletter, please click here. To set your contact preferences for other Microsoft communications, click here. Microsoft Corporation One Microsoft Way Redmond, WA 98052 USA