body { margin:0px; padding:0px; background:#f6f6f6; color:#000000; font-size: small; } #outer-wrapper { font:normal normal 100% 'Trebuchet MS',Trebuchet,Verdana,Sans-Serif; } a { color:#DE7008; } a:hover { color:#9E5205; } a img { border-width: 0; } #content-wrapper { padding-top: 0; padding-right: 1em; padding-bottom: 0; padding-left: 1em; } @media all { div#main { float:right; width:66%; padding-top:30px; padding-right:0; padding-bottom:10px; padding-left:1em; border-left:dotted 1px #e0ad12; word-wrap: break-word; /* fix for long text breaking sidebar float in IE */ overflow: hidden; /* fix for long non-text content breaking IE sidebar float */ } div#sidebar { margin-top:20px; margin-right:0px; margin-bottom:0px; margin-left:0; padding:0px; text-align:left; float: left; width: 31%; word-wrap: break-word; /* fix for long text breaking sidebar float in IE */ overflow: hidden; /* fix for long non-text content breaking IE sidebar float */ } } @media handheld { div#main { float:none; width:90%; } div#sidebar { padding-top:30px; padding-right:7%; padding-bottom:10px; padding-left:3%; } } #header { padding-top:0px; padding-right:0px; padding-bottom:0px; padding-left:0px; margin-top:0px; margin-right:0px; margin-bottom:0px; margin-left:0px; border-bottom:dotted 1px #e0ad12; background:#F5E39e; } h1 a:link { text-decoration:none; color:#F5DEB3 } h1 a:visited { text-decoration:none; color:#F5DEB3 } h1,h2,h3 { margin: 0; } h1 { padding-top:25px; padding-right:0px; padding-bottom:10px; padding-left:5%; color:#F5DEB3; background:#DE7008; font:normal bold 300% Verdana,Sans-Serif; letter-spacing:-2px; } { color:#9E5205; font:normal bold 160% Verdana,Sans-Serif; letter-spacing:-1px; } a, a:visited { color: #9E5205; } { margin-top:10px; margin-right:0px; margin-bottom:0px; margin-left:0px; color:#777777; font: normal bold 105% 'Trebuchet MS',Trebuchet,Verdana,Sans-serif; } h4 { color:#aa0033; } #sidebar h2 { color:#B8A80D; margin:0px; padding:0px; font:normal bold 150% Verdana,Sans-serif; } #sidebar .widget { margin-top:0px; margin-right:0px; margin-bottom:33px; margin-left:0px; padding-top:0px; padding-right:0px; padding-bottom:0px; padding-left:0px; font-size:95%; } #sidebar ul { list-style-type:none; padding-left: 0; margin-top: 0; } #sidebar li { margin-top:0px; margin-right:0px; margin-bottom:0px; margin-left:0px; padding-top:0px; padding-right:0px; padding-bottom:0px; padding-left:0px; list-style-type:none; font-size:95%; } .description { padding:0px; margin-top:7px; margin-right:12%; margin-bottom:7px; margin-left:5%; color:#9E5205; background:transparent; font:bold 100% Verdana,Sans-Serif; } .post { margin-top:0px; margin-right:0px; margin-bottom:30px; margin-left:0px; } .post strong { color:#000000; font-weight:bold; } pre,code { color:#999999; } strike { color:#999999; } .post-footer { padding:0px; margin:0px; color:#444444; font-size:80%; } .post-footer a { border:none; color:#968a0a; text-decoration:none; } .post-footer a:hover { text-decoration:underline; } #comments { padding:0px; font-size:110%; font-weight:bold; } .comment-author { margin-top: 10px; } .comment-body { font-size:100%; font-weight:normal; color:black; } .comment-footer { padding-bottom:20px; color:#444444; font-size:80%; font-weight:normal; display:inline; margin-right:10px } .deleted-comment { font-style:italic; color:gray; } .comment-link { margin-left:.6em; } .profile-textblock { clear: both; margin-left: 0; } .profile-img { float: left; margin-top: 0; margin-right: 5px; margin-bottom: 5px; margin-left: 0; border: 2px solid #DE7008; } #sidebar a:link { color:#999999; text-decoration:none; } #sidebar a:active { color:#ff0000; text-decoration:none; } #sidebar a:visited { color:sidebarlinkcolor; text-decoration:none; } #sidebar a:hover { color:#B8A80D; text-decoration:none; } .feed-links { clear: both; line-height: 2.5em; } #blog-pager-newer-link { float: left; } #blog-pager-older-link { float: right; } #blog-pager { text-align: center; } .clear { clear: both; } .widget-content { margin-top: 0.5em; } /** Tweaks for layout editor preview */ body#layout #outer-wrapper { margin-top: 0; } body#layout #main, body#layout #sidebar { margin-top: 10px; padding-top: 0; } -->

Thursday, December 11, 2008

[Microsoft Security Newsletter] 2008-12-12

Featured Article
Monitoring Malware Through the Edge with Microsoft Forefront Threat Management Gateway
By Yuri Diogenes, Security Support Engineer, Microsoft ISA and IAG Team Learn how to monitor your traffic with either real-time logging or on-demand reporting. Explore how to use new fields on the dashboard and real-time logging to instantly see if the traffic contains a piece of malware, the threat level, and whether it was cured. In addition, see how you can use new reports to work proactively to investigate trends and identify systems that may be compromised.

Top Stories
Secure and Monitor Your Windows and Office Environment -- Join the Beta Now
Project Codename Sundance provides you with an end-to-end solution to help your organization plan, deploy, and monitor security baselines of Windows operating systems and Microsoft Office 2007 applications. The beta release is available now for your review through January 6, 2009. After joining the beta review program, bookmark this link to the program site to get the latest information about upcoming events.
Get the Free Windows HPC Server 2008 Trial
Windows HPC Server 2008 can help shorten time-to-insight for HPC workload through easier deployment and management. By using the existing Windows-based information technology (IT) infrastructure, HPCS brings the security benefits of Windows Server to cluster environments and can provide a seamless parallel computing environment from desktop to the server.
Live Interview and Demo from Tech__Ed EMEA: Security Assessment
Check out the demo in this Tech__Ed Online interview with the Group Product Manager behind the Microsoft Security Assessment Tool. Through the easy-to-use assessment process, you will find prioritized tasks with industry guidance, best practices, and recommendations to resolve security issues identified in the detailed reports.

Security Guidance
Security Tip of the Month: Security Considerations in High-Performance Computing
This article describes how you can monitor your traffic with either real-time logging or on-demand reporting. Learn how you can use new fields on the dashboard and real-time logging to instantly see if the traffic contains a piece of malware, the threat level, and whether it was cured. You can also see how to use new reports to work proactively to investigate trends and identify systems that may be compromised.
Technical Overview of Windows HPC Server 2008
Because HPC clusters are being adopted by a broad range of mainstream users for mission-critical applications, security and integration with the existing infrastructure are essential. Read this technical overview to learn how Windows HPC Server 2008 uses the Active Directory service to enable role-based security for all cluster jobs and administration.
Windows HPC Server 2008: Using MS-MPI
MPI and MPI2 are widely accepted specifications for managing messaging in high-performance clusters. Among the most widely accepted implementations of Message Passing Interface (MPI) is the open-source Argonne National Laboratory MPICH2 reference implementation. At the API level, MS MPI is identical to the more than 160 APIs implemented by MPICH2. At the same time, MS MPI adds enhanced security and process management capabilities for enterprise environments and a new execution-tracing feature for Windows HPC Server 2008. Read this white paper for more details.
HPC Pack 2008 SDK
Microsoft HPC Server 2008 provides secure, scalable cluster resource management, a job scheduler, and an MPI stack for parallel programming. Download the Microsoft HPC Pack 2008 SDK to get the tools and content necessary to write parallel applications for the Windows HPC Server 2008 platform.
Securing the HPC Session
HPC uses HPC sessions to support the service-oriented architecture (SOA) programming model based on Windows Communication Foundation (WCF). The SOA programming model is ideal for writing interactive, parallel applications that provide near real-time calculation of complex algorithms, such as Monte Carlo simulations and BLAST searches. Read this topic for tips on how to secure the HPC session.
Use Windows Server 2008 to Develop Federation-Aware Applications
Extend Web applications inside your firewall to vendors, partners, and other trusted organizations with secure, authenticated, and controlled external access.

This Month's Security Bulletins
•MS08-071: Vulnerabilities in GDI Could Allow Remote Code Execution (956802)
•MS08-075: Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)
•MS08-073: Cumulative Security Update for Internet Explorer (958215)
•MS08-070: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)
•MS08-072: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
•MS08-074: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
•MS08-077: Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)
•MS08-076: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)

Microsoft Product Lifecycle Information
Find information about your particular products on the Microsoft Product Support Lifecycle Web site.
See a List of Supported Service Packs: Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.

Security Events and Training
Learning Paths for Security: Securing Business Intelligence
While data warehousing is primarily concerned with the integration of vast amounts of data across multiple business systems, business intelligence is concerned with how to use that integrated data to make strategic business decisions. Security becomes an immediate concern whenever private corporate data is accessed. Stories of conspicuous data leaks have been making news headlines for years. Use this learning path to help you take security into consideration when developing a business intelligence strategy.
Windows FireStarter Live Meeting
Friday, December 12, 8:30 AM Pacific Time Attention developers and IT professionals! Do not miss this live virtual event where you will learn best practices for developing for Windows for standard users, delve into specifics around Windows security and BitLocker, and get a preview of Windows 7 and Windows Server 2008 R2.

Upcoming Security Webcasts
Interactive Security Webcast Calendar
Upcoming security webcasts in a dynamic, interactive format.
For IT Professionals
TechNet Labcast: Exchange Server 2007 (Part 2 of 5): Configuring an Edge Server and Compliance and Retention Using Exchange Server 2007 RTM (Level 200) Thursday, December 11, 11:00 AM Pacific Time Jeff Sparks, Senior Consultant, United Training
TechNet Webcast: Security Deployment Review Tool (Level 200) Monday, December 15, 11:00 AM Pacific Time Anil Kumar Revuru, Senior Software Design Engineer, Microsoft Corporation
TechNet Webcast: Supporting PHP and Open Source in the Windows Environment (Level 200) Tuesday, December 16, 8:00 AM Pacific Time Keith Combs, IT Pro Evangelist, Microsoft Corporation
TechNet Webcast: Windows BitLocker for the Enterprise: Notes from the Field (Level 200) Tuesday, December 16, 11:00 AM Pacific Time Richard Lewis, Security Architect, Microsoft Corporation
TechNet Labcast: Exchange Server 2007 (Part 4 of 5): Configuring Unified Messaging and Enabling Remote Client Access (Level 200) Thursday, December 18, 11:00 AM Pacific Time Jeff Sparks, Senior Consultant, United Training
TechNet Labcast: Exchange Server 2007 (Part 5 of 5): Using Local Continuous Replication and Cluster Continuous Replication (Level 200) Friday, December 19, 11:00 AM Pacific Time Jeff Sparks, Senior Consultant, United Training
TechNet Webcast: Information About Microsoft January Security Bulletins (Level 200) Wednesday, January 14, 2009 6:30 PM Pacific Time Mike Reavey, Group Manager MSRC, Microsoft Corporation
For Developers
MSDN Webcast: SharePoint Products and Technologies for Internet Site Development: Search (Level 200) Thursday, December 18, 11:00 AM Pacific Time Robert Bogue, President, Thor Projects
MSDN Webcast: SharePoint Products and Technologies for Internet Site Development: Content Deployment (Level 200) Tuesday, January 06, 2009, 11:00 AM Pacific Time Andrew Connell, MVP MOSS, Senior Instructor, Ted Pattison Group
MSDN Webcast: Security Development Lifecycle Threat Modeling for Developers (Level 200) Thursday, January 15, 2009, Noon Pacific Time Adam Shostack, Senior Program Manager, Microsoft Corporation
Microsoft On-Demand Webcasts
TechNet Webcast: Windows HPC Server 2008: High Availability and Diagnostics for High-Performance Computing (Level 100) The Windows Server 2008 operating system, the next generation of Windows Server, is designed to help high-performance computing (HPC) administrators maximize control over their infrastructure, while providing enhanced availability and management capabilities. This leads to a significantly more secure, reliable server environment than ever before. Join this session to learn how you can tune Windows HPC Server 2008 to take advantage of high availability.

Volume 5, No. 12December 2008
In This Issue:

Featured Article
Top Stories
Security Guidance
This Month's Security Bulletins
Microsoft Product Lifecycle Information
Security Events and Training
Upcoming Security Webcasts

Security Program Guide
Security Awareness Materials Guidance, samples, and templates for creating a security-awareness program in your organization.
Learn Security On the Job
Learning Paths for Security - Microsoft Training References and Resources

Upcoming Chats
View a listing of upcoming technical chats
Free In-Person Events
TechNet Events

Security Blogs
Michael Howard
Eric Lippert
Eric Fitzgerald
Steve Lamb
ACE Team
Jeff Jones
Windows Vista Security
Solution Accelerators - Security & Compliance
Kai Axford
Security Vulnerability Research & Defense
Steve Riley
Security Development Lifecycle (SDL)
Security Newsgroups
General Security issues/questions Open with newsreader
Virus issues/questions Open with newsreader
ISA Server Open with newsreader
Windows 2000: Security Open with newsreader
Window Vista: Security Open with newsreader
SQL Server: Security Open with newsreader
Windows Server: Security Open with newsreader
Other Security Newsgroups
Community Web Sites
IT Pro Security Community
Security Newsgroups
Related Communities
Additional Security Resources
Security Help and Support for IT Professionals
TechNet Troubleshooting and Support Page
Microsoft Security Glossary
TechNet Security Center
MSDN Security Developer Center
Midsize Business Security Center
Sign-Up for the Microsoft Security Notification Service
Security Bulletin Search Page
Home Users: Protect Your PC
MCSE/MCSA: Security Certifications
Subscribe to TechNet
Register for TechNet Flash IT Newsletter
__2008 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, BitLocker, Forefront, MSDN, SharePoint, Windows, and Windows Server are trademarks of the Microsoft group of companies. To cancel your subscription to this newsletter, reply to this message with the word UNSUBSCRIBE in the Subject line. You can also unsubscribe at You can manage all your communication preferences at this site. Legal Information.This newsletter was sent by the Microsoft CorporationOne Microsoft WayRedmond, Washington, USA98052

No comments: