Welcome to the Microsoft Security Newsletter - a
monthly newsletter for IT professionals and developers
bringing security news, guidance, updates, and community
resources direct to your inbox. If you have suggestions
or comments about the Microsoft Security Newsletter,
please
send us your feedback. To view an online version of
this newsletter, please click
here. If you would like to receive less technical
security news, guidance and updates, please subscribe to
the
Microsoft Security for Home Computer Users Newsletter.

Viewpoint

By Mary Landesman, Technical Editor, Microsoft
Security Research and Response
A significant evolution has occurred in the
malware landscape over the past five years -- a
change of intent from amateur virus writers
seeking attention to professional criminals
seeking profit. But in the past year, a more
abrupt shift has taken place -- a change in
target. This article discusses this shift, the
impact on the user and on the technology, and
the multipronged approach Microsoft is taking to
address this latest stage in the malware
evolution.

Top Stories

People need to be educated on what your
organization considers appropriate
security-conscious behavior, and also what
security best practices they need to incorporate
in their daily business activities. This toolkit
provides guidance, samples, and templates for
creating a security awareness program in your
organization.

Microsoft has announced the availability of
Windows Defender in Spanish, Italian, Dutch,
Portuguese (Brazil), and Russian. These
languages are in addition to German and
Japanese, which were made available last year.
As part of our commitment to deliver world-class
software, we will continue to deliver additional
localized versions of Windows Defender during
the first half of 2007 through the Windows
Defender Download Center.

The 2007 Microsoft Office Security Guide will
provide instructions and recommendations on how
to help strengthen the security of the 2007
Microsoft Office system on Windows Vista or
Windows XP SP2 desktops and laptops. The
Microsoft Solution Accelerators -- Security &
Compliance team is currently conducting a
requirements survey for this guide and needs
input from customers and partners. This is your
chance to help shape this important security
guide in its early stages, and to make sure that
your most important needs are addressed. Click
here to participate.

Infrastructure Optimization provides a logical
roadmap to progress from reactive to proactive
IT service management. This document introduces
high-level concepts for planning, building,
deploying, and managing these capabilities and
provides links to relevant resources where
more-detailed and more-actionable content can be
found. Use the information contained in this
guide to help you assess your organization's
optimization level and move from the Basic level
to the Standardized level.

Security Guidance

By Christopher Budd, Security Program Manager,
Microsoft Corporation
Effectively combating malicious software
requires the combination of three critical
elements: people, processes, and technology.
This article focuses on the process element and
talks about the incident response process,
asserting that, in many ways, this is the most
important process element in a comprehensive
strategy for dealing with malicious software.

Windows Vista includes several new technologies
that you can use to help enhance protection
against malware for computers running Windows
Vista in your environment. This chapter from the
Windows Vista Security Guide provides
overviews of these technologies, and
recommendations on how to configure them when
applicable.

The Microsoft Windows Malicious Software Removal
Tool is primarily intended for noncorporate
users who do not have an existing, up-to-date
antivirus product installed on their computers.
However, the tool can also be deployed in an
enterprise environment to enhance existing
protection and as part of a defense-in-depth
strategy. Read this article for guidance on how
to deploy the tool in an enterprise environment.

Software restriction policies are one of many
important management features in Windows Vista
and earlier operating systems (Windows XP and
Windows Server 2003). This article provides an
in-depth look at the new Software Restriction
Policy features in Windows Vista and Windows
Longhorn Server, and how they can help meet
current security challenges.

This chapter from the Windows XP Security Guide
shows how software restriction policy protects
computers that run Windows XP Professional
against known conflicts and safeguards them
against malicious software such as viruses and
Trojan horse programs.

Microsoft Forefront Client Security provides
unified malware protection for business
desktops, laptops, and server operating systems.
Check out the TechCenter for information about
the public beta and troubleshooting guide as
well as links to the Forefront Client Security
Technical Library, team blog, and discussion
forums.

Learn how ISA Server 2006 addresses the key
concerns of information technology (IT)
administrators tasked with safeguarding their IT
environment. The article outlines ISA Server
network protection features, describes how ISA
Server mitigates attacks, and provides best
practices that IT professionals should follow to
configure ISA Server to better protect their
networks.

This document will provide you with a
recommended process and procedures to use when
responding to intrusions identified in a small-
to medium-based (SMB) network environment. The
value of forming a security incident response
team with explicit team member roles is
explained, as well as how to define a security
incident response plan.

This guide discusses processes and tools for use
in internal computer investigations. It
introduces a multiphase model that is based on
well-accepted procedures in the computer
investigation community. It also presents an
applied scenario example of an internal
investigation in an environment that includes
Microsoft Windows–based computers.

Whether you're building a new system or updating
an existing one, you'll want to consider how an
intruder might go about attacking it and then
build in appropriate defenses at the design and
implementation stages of the system.

This white paper provides guidelines and
suggested best practices for independent
software vendor (ISV) developers on how to
integrate their products with the new security
infrastructure of User Account Control (UAC) on
Microsoft Windows Vista.

This Month's Security Bulletins

Microsoft has no security bulletins to release as part
of the monthly release cycle for the month of March. As
there are no new bulletins this month, we will not be
holding our monthly TechNet Security Bulletin webcast,
originally scheduled for Wednesday, March 14, 2007. The
next scheduled Security Bulletin release will be on
Tuesday, April 10, 2007.

MVP Update

Paul, a.k.a. Zhen-Xjell, has been a techno-geek
since the 1970s. With the 1980s, he became
involved in DOS and Windows. During the 1990s,
he obtained a Bachelor's degree in pure
Mathematics and expanded his reach into PCBoard,
Centipede, Ygdrasil, Fidonet, Unix, and Linux,
while volunteering as an EMT and firefighter.
His professional career began in 1995.
These days Paul loves to hang out at
CastleCops.com (which he founded in 2002),
among other security lists and sites. His
passions include programming, system hardening,
security, and privacy. Paul and his wife Robin
(who is also a Microsoft MVP in
Windows-Security) are proud parents of their
first son, Peyton, and Paul's world revolves
around his family.

By Paul Laudanski, CastleCops, Microsoft MVP
Windows-Security
This article takes a look at the evolution and
current state of the malicious software
landscape and offers recommendations that can
help users secure their computers and networks
against such threats as botnets, phishing, and
rootkits.

Partners with Expertise in Security Solutions

Fortinet is the pioneer and leading provider of
ASIC-accelerated multithreat security systems,
which are used by enterprises and service
providers to increase their security while
reducing total operating costs. Fortinet
solutions were built from the ground up to
integrate multiple levels of security protection
-- including firewall, antivirus, intrusion
prevention, VPN, spyware prevention, and
antispam -- providing customers with a way to
protect themselves from multiple as well as
blended threats.

SecureWave is a pioneer in endpoint security,
helping organizations to proactively secure
their environments from data threats including
data leakage, malware, and spyware. With
SecureWave's Sanctuary, organizations can set and
enforce policies for device and application use
that overcome tomorrow's security and
operational challenges today.

Microsoft Product Lifecycle Information

Security Events and Training

Tech-Ed 2007 will take place June 4-8 in
Orlando, Florida. The Security Track at this
year's conference will focus on showing
attendees how to better protect their
enterprises with Forefront Client Security,
Forefront Server for Exchange and SharePoint,
Exchange Server 2003, SQL Server 2005, and
Microsoft management technologies. Security
sessions will feature information on the latest
security resources and technologies. You will
also hear from experts on architecting and
managing a more secure integrated
infrastructure. Register before April 6 and save
$200 off the regular rate.

Learn how to help secure your environment from
malware attacks. In this Learning Path,
Microsoft experts provide guidance and resources
for understanding malware and its associated
risks, and for taking appropriate
countermeasures using Microsoft technologies.
Learn about malware-related planning,
protection, detection, and response.

Upcoming Security Webcasts

Thursday, March 15, 11:00 AM Pacific Time
Join this session to learn how the Fundamental
Computer Investigation Guide for Windows
provides you with the best practices and tools
you need to investigate suspicious use of
computers and networks at your organization.

Monday, March 19, 11:00 AM Pacific Time
In this session, we show you how to guard your
desktop infrastructure against emerging
malicious software threats, such as spyware and
rootkits, and traditional threats, like viruses,
worms, and Trojan horses.

Wednesday, March 21, 11:00 AM Pacific Time
Explore how you can use identity and access management methods to ensure mobile
users, customers, and partners outside of the corporate firewall have access to
company resources.

Microsoft On-Demand Security Webcasts

• Advanced Malware Cleaning
Today's IT administrator needs to be prepared to
identify, analyze, and remediate malware that
slips through layered defenses because most
antimalware solutions depend on signatures of
known threats. This session takes you on a tour
of malware infection and persistence
technologies, including rootkits, and shows you,
on real malware infections, how to use
sophisticated freeware tools from Sysinternals.com,
such as Process Explorer, Autoruns, and
RootkitRevealer, to clean malware.

• Live From Redmond: The Brave New World of AJAX
Hacking (and Prevention Using ASP.NET)
This webcast covers advanced cross-site
scripting (XSS) attack methods, such as Web
malware, XSS in e-mail, data mining with AJAX,
and viruses that run inside of Web browsers. We
cover the impact of these attacks and how they
can be used to steal cookies. In addition, we
review how mistakes in AJAX-style programming
could introduce security vulnerabilities into
your code.

For IT Professionals: TechNet Webcasts

• Information About Microsoft April Security
Bulletins (Level 200)
Wednesday, April 11, 11:00 AM Pacific Time
Christopher Budd, CISA, CISM, CISSP, ISSMP
Security Program Manager, PSS Security,
Microsoft Corporation and Mike Reavey, Lead
Security Program Manager, Microsoft Corporation

For Developers: MSDN Webcasts