Microsoft Security News Letter

Top Stories
Security Compliance Management Toolkit Now Available
This toolkit provides you with best practices for planning, deploying, monitoring, and remediating a security baseline for your organization. The toolkit offers a proven method that you can use to effectively monitor the compliance state of a security baseline for the Windows Vista, Windows XP with Service Pack 2 (SP2), and Windows Server 2003 with SP2 operating systems.
Introducing the Microsoft Forefront Integration Kit for Network Access Protection
Microsoft Forefront Client Security and Network Access Protection together provide an additional defense-in-depth layer against malicious attacks and give administrators a significant degree of control over the security and health of networked computers. This kit includes a Forefront Client Security system health agent (SHA) and system health validator (SHV) Deployment Guide, SHV and SHA components for 32-bit and 64-bit platforms, and supplementary materials.
Try System Center Mobile Device Manager 2008 Today
Download the 120-day trial software to see firsthand how Microsoft System Center Mobile Device Manager 2008 with the Windows Mobile 6.1 operating system can help to improve mobile device security, simplify management, and lower costs.
Beta Opportunity: Forefront Security for Office Communications Server
Microsoft Forefront Security for Office Communications Server provides fast and effective protection against IM-based malware by including multiple scanning engines from industry-leading security partners and helps reduce corporate liability by blocking IM messages containing inappropriate content. Download the beta and try it for yourself.

Security Guidance
Windows Server 2008 in an Organization’s Defense-in-Depth Strategy
Get an overview of the different security features and enhancements in Windows Server 2008 and learn how you can use them in your organization's defense-in-depth strategy.
Application Lockdown with Software Restriction Policies
When you want to reduce the total cost of ownership of the workstations in your organization, application lockdown can be a great help, helping you to limit IT issues related to unsupported applications. See how you can use software restriction policies and Group Policy to control the applications that are run throughout your IT infrastructure.
Windows Vista Security Policy Settings
Security policy settings are among the settings that are contained in Group Policy objects (GPOs) in Windows Vista. Learn about the new security policy settings for Windows Vista and about those that have changed from Windows XP.
Why Physical Security Is Important
The physical security of your server computers is an important but often overlooked part of the entire security checklist. Read this article for reminders on how to help prevent unauthorized personnel from gaining access to the physical computers, as well as for tips and tricks.
Plan Security Hardening for Extranet Environments
Learn about the hardening requirements for an extranet environment in which a Microsoft Office SharePoint Server 2007 server farm is placed inside a perimeter network and content is available from the Internet or from the corporate network.
Network Access Protection in Configuration Manager 2007
The Microsoft System Center Configuration Manager 2007 Network Access Protection (NAP) feature provides a set of tools and resources that can enforce compliance of software updates on client computers to help protect the integrity of your enterprise network. Get detailed information about planning, configuring, managing, monitoring, and troubleshooting NAP.
Validating ASP.NET Query Strings
The query string is a potential vehicle for attack on pages that have security holes. The QueryString module presented in this article requires no coding in source pages and automatically checks the posted query string against a given schema that is saved in a separate XML file. This means there’s one more built-in barrier against attackers but with zero impact on existing code.
Payment Card Industry Data Security Standard Compliance Planning Guide
Intended for merchants who accept payment cards, financial institutions that process payment card transactions, and service providers__third-party companies that provide payment card processing or data storage services__this guide is designed to help organizations meet Payment Card Industry Data Security Standard (PCI DSS) requirements.

This Month's Security Bulletins
Critical:
•MS08-030: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
•MS08-031: Cumulative Security Update for Internet Explorer (950759)
•MS08-033: Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
Important:
•MS08-034: Vulnerability in WINS Could Allow Elevation of Privilege (948745)
•MS08-035: Vulnerability in Active Directory Could Allow Denial of Service (953235)
•MS08-036: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)
Moderate:
•MS08-032: Cumulative Security Update of ActiveX Kill Bits (950760)