Microsoft Security Newsletter
Welcome to the Microsoft Security Newsletter - a monthly newsletter for IT professionals and developers bringing security news, guidance, updates, and community resources direct to your inbox. If you have suggestions or comments about the Microsoft Security Newsletter, please send us your feedback. If you would like to receive less technical security news, guidance and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.

Viewpoint
Security Viewpoint   
By Mark Hassall, Director, Microsoft Security Product Management
IT environments are often complex, with a myriad of management, monitoring, and reporting tools and processes, some industry-specific and some not. Maintaining this requires expertise across multiple specialties -- and it often requires solutions and services provided by specialists. The question becomes: which partners can you trust to help you secure and manage your IT infrastructure?

Top Stories
Get the latest information about malware and potentially unwanted software on the Microsoft Malware Protection Center Portal. Browse the MMPC’s malware encyclopedia, download the latest virus/spyware definitions, submit malware samples, and find links to additional content.
For reasons both technical and cultural, the manila file folder has remained the platform of choice for caregivers and their patients -- until now. Learn how the healthcare industry is taking advantage of plentiful wireless connections and sophisticated mobile technologies running smoothly on handheld devices. New security enhancements for those devices help ensure patient confidentiality and usher health records into the digital era.
Certificates are a key component in your infrastructure -- when one expires, productivity can come to a halt. If you rely on a Microsoft PKI environment, the new Identity Lifecycle Manager Certificate Management (ILM-CM) solution can help keep things running smoothly. Find out how this tool can help you improve authentication processes and reduce certificate management costs.

Security Guidance
By Mike Danseglio, Senior Group Program Manager, Security & Compliance Solution Accelerators, Microsoft Corporation
This article presents six easy steps that every company should take to enhance computer security in terms of getting the proverbial biggest bang for the security buck. Each suggestion is described in some detail with links to more in-depth treatments, templates, and tools.
When it comes to security, professional services companies are hampered by tight IT budgets, an ever-increasing amount of content, and a lack of dedicated security personnel. Protecting data at services firms may require a melding of technology and services to get the job done. This article offers some guidelines to help midsize professional service firms.
Few organizations face more or greater security threats than financial services companies. Here are the first and most important steps every financial services business should take to safeguard its customers, protect its assets, and comply with regulations.
Is your IT network's security at risk from outside partners and suppliers? Learn how you can help protect your business.
This checklist outlines the seven security matters that every government organization should address in attempting to protect its computer systems.
The realm of government IT security is expanding into the realm of secure and reliable communications in times of citizen crisis. IT teams must guard against security failures that will erode public trust. This article outlines the key components that comprise the ever-growing task list of government IT teams and provides three areas those teams should focus on when it comes to security -- both now and in the future.
Get the prescriptive technical guidance, tools, training, and updates you need to plan and manage a security strategy that’s right for your school or university.
Today, the Windows Vista Sidebar hosts Gadgets built from HTML, JavaScript, and potentially ActiveX controls. Because Gadgets are HTML, they are subject to Cross-site Scripting style bugs. These bugs are extremely serious because script in the Sidebar is capable of running arbitrary code in the context of the locally logged-on user. This article outlines some of the secure programming best practices that should be considered when building Windows Vista Sidebar Gadgets.

This Month's Security Bulletins
Critical:
Important:
Moderate:

MVP Update
MVP of the Month: Harry L. Waldron   
Harry started in the security profession in 1996. He provides security news, articles, and best practices for several technical forums, including McAfee, My IT Forums, Aumha, Calendar of Updates, MVS Help Forums, CNET, Tech Republic, and Bleeping Computers. Professionally, he works as a senior developer for Fairfax Information Technology Services, where he provides technical support, applications development support, project planning, and leadership on key projects.
By Harry L. Waldron, CPCU, AAI, Microsoft MVP
Security is a challenging corporate function for every business to ensure safety, privacy, and confidentiality. In this article, Microsoft MVP Harry L. Waldron uses the insurance industry as an example of how information security is a necessary consideration for businesses across all industries.

Partners with Expertise in Security Solutions
Brabeion Software helps organizations achieve and sustain compliance through a full lifecycle policy, standards and IT control management software platform powered by comprehensive information risk and audit content. Over 300,000 users across a wide range of vertical markets including financial services, oil and gas, healthcare, government, and transportation have deployed Brabeion solutions to accelerate time to compliance, protect information assets and mission-critical systems, lower costs, and optimize IT controls.
SecureWave Sanctuary ensures confidentiality and integrity of sensitive financial information by enforcing encryption when that information is copied to removable media. Sanctuary also provides detailed audit information to prove GLBA compliance, which requires all financial institutions to protect the security and confidentiality of customers’ nonpublic personal information.
SPI Dynamics’ comprehensive suite of products and services identifies and remediates Web application and Web services security vulnerabilities throughout the application development lifecycle. These award-winning solutions also enable security professionals, QA testers, and developers to work together to verify compliance with over 22 security policies such as SOX, HIPAA, and PCI. SPI Dynamics has the most application security testing customers worldwide with clients in the financial, government, accounting, telecommunications, technology hardware, and healthcare industries.

Microsoft Product Lifecycle Information
Find information about your particular products on the Microsoft Product Lifecycle Web site.
See a list of supported service packs: Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.

Security Events and Training
Combined, Microsoft Forefront and Microsoft System Center help make security and manageability a seamless part of your development experience. Attend a launch event in your area to test-drive the new products, receive trial software, and network with technology partners, peers and experts.
With an increasing number of endpoint devices connecting to your network today, IT workers face increasing challenges around security. Learn how to gain more control over your servers and desktops, as well as your endpoint devices. The solutions and technologies in this month’s Learning Path for Security will help you address challenges such as malware, breaches, and other security threats.

Upcoming Security Webcasts
Microsoft Webcast: Windows Server 2008 Security Enhancements (Level 200)
Thursday, August 9, 11:00 A.M. Pacific Time
Ward Ralston, Senior Technical Product Manager, Microsoft Corporation
Interactive Security Webcast Calendar
Upcoming security webcasts in a dynamic, interactive format.
Microsoft On-Demand Webcasts
Microsoft Webcast: Optimize Your Identity and Access Management Infrastructure
Due to security issues, privacy concerns, and regulatory compliance, identity and access management projects have become one of the top IT priorities in organizations across all industries. Join this webcast as we explain conceptual identity and access management projects and solutions in the context of an IT infrastructure optimization model that would allow your organization to plan and deploy these solutions in a phased manner. We also evaluate Microsoft and partner identity and access management solutions against the same framework.
For IT Professionals
TechNet Webcast: Troubleshooting Forefront Client Security (Level 200)
Friday, July 13, 9:30 A.M. Pacific Time
Shawn Travers, IT Pro Evangelist, Microsoft Corporation
TechNet Webcast: Security and Enterprise Features of System Center Operations Manager 2007 (Level 200)
Monday, July 16, 11:30 A.M. Pacific Time
John Baker, IT Pro Evangelist, Microsoft Corporation
TechNet Webcast: Deploying IPSec with Windows Vista (Level 200)
Wednesday, July 25, 9:30 A.M. Pacific Time
John Baker, IT Pro Evangelist, Microsoft Corporation
TechNet Webcast: Technical Overview of Forefront Security for Exchange Server (Level 200)
Wednesday, July 25, 1:00 P.M. Pacific Time
Bryan Von Axelson, IT Pro Evangelist, Microsoft Corporation
TechNet Webcast: Recipient Management, Policies, and Permissions in Exchange Server 2007 (Level 200)
Friday, July 27, 11:30 A.M. Pacific Time
Kevin Remde, IT Pro Evangelist, Microsoft Corporation
TechNet Webcast: Windows Server 2008 Technical Overview (Part 2 of 2) (Level 200)
Friday, August 10, 11:30 A.M. Pacific Time
Michael Murphy, IT Pro Evangelist, Microsoft Corporation
TechNet Webcast: Group Policy in Windows Vista (Level 200)
Monday, August 13, 9:30 A.M. Pacific Time
John Baker, IT Pro Evangelist, Microsoft Corporation
TechNet Webcast: Painless Data Protection (Level 200)
Monday, August 13, 1:00 P.M. Pacific Time
Bryan Von Axelson, IT Pro Evangelist, Microsoft Corporation
TechNet Webcast: Information About Microsoft August Security Bulletins (Level 200)
Wednesday, August 15, 11:00 A.M. Pacific Time
Christopher Budd, Security Program Manager, Microsoft Corporation, and Mike Reavey, Group Manager MSRC, Microsoft Corporation
For Developers
Explore Web Development with ASP.NET 2.0
Various dates in July and on-demand
Tune in and learn about the improvements in Microsoft ASP.NET 2.0 and see how you can use ASP.NET 2.0 to create faster, more secure Web applications with fewer lines of code.

Security Newsletter
Volume 4, No. 7

July 2007
Security Program Guide
Microsoft Security Awareness Toolkit
Guidance, samples, and templates for creating a security-awareness program in your organization.
Learn Security On the Job
Learning Paths for Security - Microsoft Training References and Resources
Upcoming Chats
Understanding Windows Server 2008 Networking and Network Access Protection
July 16, 10:00 A.M. Pacific Time
Join our experts and ask your pressing questions about key networking features and roles, like Network Access Protection, in Windows Server 2008.
System Center Configuration Manager 2007 Internet Based Client Management and Native Mode
July 24, 10:00 A.M. Pacific Time
This Q&A with the SCCM 2007 Client team will focus on Internet-Based Client Management and Native Mode Security Configuration.
Get Ready for Data Protection Manager 2007 Beta 2
July 31, 8:00 A.M. Pacific Time
Join this webcast to be among the first to discuss the new features in DPM 2007 beta 2, including protection of virtual servers, SharePoint, and Windows desktops, along with disaster recovery capabilities.
Windows Server 2008: Management, Security, and Improved Performance for Your Remote Infrastructure
August 14, 10:00 A.M. Pacific Time
Join us for a Q&A on the new features in Windows Server 2008 that will help you manage and secure your remote infrastructure. The WAN performance improvements included in the new TCP and SMB protocols will also be covered. Ask our experts about Windows BitLocker Drive Encryption, improvements in Active Directory, Server Core, the Next-Generation TCP stack, and SMB 2.0.
Free In-Person Events
TechNet Events
Security Blogs
Michael Howard
Eric Lippert
Eric Fitzgerald
Steve Lamb
MSRC Blog
ACE Team
Jeff Jones
Windows Vista Security
User Account Control Team
Solution Accelerators - Security & Compliance
Kai Axford
Security Newsgroups
General Security issues/questions
Virus issues/questions
ISA Server
Windows 2000: Security
Windows XP: Security Administration
SQL Server: Security
Windows Server: Security
Other Security Newsgroups
Community Web Sites
IT Pro Security Community
Security Newsgroups
Related Communities
Additional Security Resources
Security Help and Support for IT Professionals
TechNet Troubleshooting and Support Page
Microsoft Security Glossary
TechNet Security Center
MSDN Security Developer Center 
Midsize Business Security Center
Sign-Up for the Microsoft Security Notification Service
Security Bulletin Search Page
Home Users: Protect Your PC
MCSE/MCSA: Security Certifications
Subscribe to TechNet
Register for TechNet Flash IT Newsletter
Subscribe to MSDN
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, BitLocker, Forefront, SharePoint, Windows, Windows Server, and Windows Vista are trademarks of the Microsoft Group of companies. All other trademarks are property of their respective owners.

This newsletter was sent by the Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052
