Welcome to the Microsoft Security Newsletter - a
monthly newsletter for IT professionals and developers
bringing security news, guidance, updates, and community
resources direct to your inbox. If you have suggestions
or comments about the Microsoft Security Newsletter,
please send us your feedback.
Viewpoint
|
|
By Christopher Budd, Security Program Manager,
Microsoft Corporation
Although patch management is sometimes viewed as
a systems management discipline rather than a
security discipline, its role in addressing
vulnerabilities through the deployment of
updates makes it a vital component in an
organization's security operations. This article
outlines ten principles Microsoft follows that
you can use to improve the efficiency of your
patch management system.
|
Top Stories
|
|
The official name for the next version of
Microsoft Systems Management Server (SMS) 2003,
code-named "SMS V4," was announced at the
Microsoft Management Summit 2006. With the
release of the next version, SMS will officially
join the Microsoft System Center family of
products and be known as System Center
Configuration Manager 2007. Read about its
new features or
download the beta to preview Microsoft's
next-generation systems management solution for
yourself.
|
|
|
Security is everyone's responsibility, and there are things that we all can do
to create a safer computing environment. In this article, Microsoft security
experts Jesper Johansson and Steve Riley discuss common security myths, major
new security technologies, and best practices for improving security in your
infrastructure.
|
|
|
On April 13, Microsoft kicked off its 2006 Security Summits, a series of one-day
educational events that will take place in five cities throughout the United
States through the end of June. Provided at no charge, the summits serve as a
venue for IT professionals and developers to learn about key trends in the
security industry, to discover what Microsoft is doing to help customers address
risk and build business opportunities, and to participate in discussions on
specific security topics.
Read the press release for details and
register today.
|
Security Guidance
|
|
By Bobbie Harder, Program Manager, Windows
Server Update Services, Microsoft Corporation
Microsoft Windows Server Update Services (WSUS)
clients can be configured to provide update
installation and reboot behavior best suited to
your environment and your business needs. This
article focuses on configuration options that
define update notification, download,
installation, and post-install reboot. It also
discusses how you can use Group Policy or Local
Group Policy to modify Automatic Update
configuration on your WSUS clients to determine
what notification, download, install, and reboot
behavior your WSUS managed clients will
experience in updating from WSUS.
|
|
|
Learn how Microsoft Internet Security and Acceleration (ISA) Server 2004 Service
Pack 2 (SP2) can cache and serve content downloaded with Background Intelligent
Transfer Service (BITS)--a file transfer service used by Microsoft Windows
Update to download updates and service packs. BITS caching provides a more
efficient and effective rollout of updates and fixes by transferring data in
small chunks, utilizing unused bandwidth as it becomes available, and
reassembling the data at the destination.
|
|
|
This article describes how to install multiple Windows product updates (for
example, critical updates, security patches, or hotfixes) that use Hotfix.exe
(Microsoft Windows NT 4.0) or Update.exe (Microsoft Windows 2000, Microsoft
Windows XP, or Microsoft Windows Server 2003) with only one restart.
|
|
|
Are you wondering about the differences among these software distribution
products? Glance at this easy-to-read comparison table to learn which solution
is best for your organization.
|
|
|
Learn everything you need to know to install, configure, and start using WSUS to
manage updates throughout your organization. This article examines the various
configurations that WSUS supports and looks at the features that will help you
get WSUS up and running quickly.
|
|
|
This step-by-step document tells you how to deploy WSUS on your network,
including installing it on computers running Windows Small Business Server (SBS)
2003, configuring it to obtain updates, configuring client computers to install
updates, and approving and distributing updates.
|
|
|
Does your boss want proof that updates were actually installed on every system?
This article outlines the Software Update Management features in SMS 2003 and
how to use these features to do controlled, phased deployments of updates to a
large number of computers and prove compliance through status messages and
reporting.
|
|
|
The SMS Extended Security Update Inventory Tool is a scan tool built for the
sole purpose of helping customers determine SMS client computers that may need
security updates that are not detectable using the existing SMS Security Update
Inventory Tool built on MBSA. Like the SMS Software Update Inventory Tool, it
also has the instructions for locating each applicable update, downloading the
update from Microsoft, and deploying it using SMS.
|
This Month's Security Bulletins
Critical:
Moderate:
MVP Update
|
|
|
|
Randy Franklin Smith is a CISA and SSCP, and he
publishes the free Patch Tuesday Observer
e-mail newsletter. Randy is the creator of the
Ultimate Windows Security seminar series and
author of the free
Security Log Encyclopedia. He writes
extensively for Windows IT Pro as a contributing
editor and has authored close to 300 articles on
security issues for publications like Windows
IT Pro and Information Security Magazine.
You can reach him at
rsmith@ultimateWindowsSecurity.com.
|
|
|
By Randy Franklin Smith
Patching is an indispensable component of a
secure, controlled environment. No matter what
other controls you have in place, some risks may
only be addressed by a patch. In this article,
Security MVP Randy Franklin Smith discusses some
of the benefits and challenges of deploying
patches across an organization.
|
Partners with Expertise in Security Solutions
|
|
Bluesocket wireless local area network (LAN) solutions help secure and control
wi-fi networks. They provide universal authentication, secure mobility, policy,
and bandwidth management through unparalleled interoperability with
heterogeneous network infrastructure and wireless LAN standards. By integrating
Microsoft Network Access Protection technologies, Bluesocket will help ensure
that an end user's device is free from viruses and worms and has the latest
required security patches, thereby helping businesses mitigate the risks posed
by employees and guests accessing enterprise resources through wireless
connections.
|
|
|
ManageSoft Security Suite integrated with Microsoft Network Access Protection
provides a comprehensive policy-based solution to automatically ensure security
compliance. In addition, the ManageSoft Security Suite transforms desktops,
laptops, and servers into self-auditing, self-patching, self-configuring devices
that provide health information for the Microsoft Network Access Protection
infrastructure.
|
Microsoft Product Lifecycle Information
Security Events and Training
|
|
June 11-16, 2006, Boston, Massachusetts
TechEd 2006 provides attendees with technical
training, community resources, and a chance to
connect with Microsoft partners, industry gurus,
and Microsoft experts. Learn how to build,
deploy, secure, and manage solutions using the
full range of current and soon-to-be-released
Microsoft products.
|
|
|
Managing security updates is an issue of critical importance to system
administrators and IT managers. Microsoft offers many learning resources to help
you with this process. Find webcasts, virtual labs, and other resources that you
can use in assessing your environment and implementing an effective security
update management strategy.
|
Upcoming Security Webcasts
|
|
If you have already registered for Microsoft TechEd 2006, tune in to this series
of webcasts and get the most out of your time while you're there. Haven't yet
decided if you'll attend TechEd 2006? This webcast series will give you a
preview of what you can learn June 11-16, 2006, in Boston, Massachusetts. Plus,
attend a pre-TechEd webcast by May 12 and you could win a free pass to TechEd
2006. See the official rules for details.
|
Microsoft On-Demand Security Webcasts
|
• |
NEW:
Learning Paths for Security: Connecting to Your
Customers More Securely
Secure connections are a top concern for
consumers and businesses alike. Get tips on how
to strengthen your network's security--from
preventing Web application attacks to providing
a trusted environment for transactions and
protecting customers against phishing--and find
out about the latest technology.
|
|
• |
NEW SERIES:
Top 10 Webcasts: Fast and Easy Access
Fast and easy access to on-demand webcasts--what
could be better? After selecting your webcast,
simply enter your name, e-mail address, and
company name to start watching, or you can
download the webcasts to view when you’re
offline. We've selected the 10 highest-rated
Microsoft webcasts, as chosen by customers like
you. As always, these webcasts are free.
|
|
• |
How Microsoft IT Does Security Updates (Level
300)
With more than 200,000 clients in a challenging
environment, Microsoft IT continues to improve
its processes by merging data center and desktop
security update operations using the new
Inventory Tool for Microsoft Updates. This new
tool formalizes the security update management
service, improves reporting solutions, and makes
additional improvements that Microsoft shares
with other Microsoft Systems Management Server
customers. Join this webcast to learn from the
Microsoft IT department's experience.
|
|
• |
Bonus: Attend any live webcast through June
2006 and you could win a 40 GB MP3/WMA player.
See official rules for more details. Offer open
to residents of the United States and Canada
only.
|
|
For IT Professionals: TechNet Webcasts
|
|
|
Volume 3, No. 5 
May 2006
|
|
Additional Security Resources
|
|
|
© 2006 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, MSDN, Windows, Windows NT,
Windows Server, and Windows Vista are either registered
trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries. The names of actual
companies and products mentioned herein may be the
trademarks of their respective owners.
Digital Signatures Help Make Microsoft Security Newsletters More Secure
To help increase your security, Microsoft will soon begin
digitally signing all of its security newsletters with the
Internet standard, Secure Multipurpose Internet Mail
Extensions (S/MIME). This means that if you use Microsoft
Outlook, or another full-featured e-mail program, you have
an added assurance that the e-mail newsletter came from
Microsoft and has not been tampered with. However, many
Web-based e-mail programs and some other e-mail programs do
not support digital signing with S/MIME. To learn more,
please see
how digital signatures help make Microsoft security
newsletters more secure.
To cancel your subscription to this newsletter, reply to
this message with the word UNSUBSCRIBE in the Subject line.
You can also unsubscribe at
http://www.microsoft.com/info/unsubscribe.htm. You can
manage all your Microsoft.com communication preferences at
this site.
Legal Information.
This newsletter was sent by the Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052