PROJECT 'K: [Microsoft Security Newsletter] 2008-12-12

Featured Article
Monitoring Malware Through the Edge with Microsoft Forefront Threat Management Gateway
By Yuri Diogenes, Security Support Engineer, Microsoft ISA and IAG Team Learn how to monitor your traffic with either real-time logging or on-demand reporting. Explore how to use new fields on the dashboard and real-time logging to instantly see if the traffic contains a piece of malware, the threat level, and whether it was cured. In addition, see how you can use new reports to work proactively to investigate trends and identify systems that may be compromised.

Top Stories
Secure and Monitor Your Windows and Office Environment -- Join the Beta Now
Project Codename Sundance provides you with an end-to-end solution to help your organization plan, deploy, and monitor security baselines of Windows operating systems and Microsoft Office 2007 applications. The beta release is available now for your review through January 6, 2009. After joining the beta review program, bookmark this link to the program site to get the latest information about upcoming events.
Get the Free Windows HPC Server 2008 Trial
Windows HPC Server 2008 can help shorten time-to-insight for HPC workload through easier deployment and management. By using the existing Windows-based information technology (IT) infrastructure, HPCS brings the security benefits of Windows Server to cluster environments and can provide a seamless parallel computing environment from desktop to the server.
Live Interview and Demo from Tech__Ed EMEA: Security Assessment
Check out the demo in this Tech__Ed Online interview with the Group Product Manager behind the Microsoft Security Assessment Tool. Through the easy-to-use assessment process, you will find prioritized tasks with industry guidance, best practices, and recommendations to resolve security issues identified in the detailed reports.

Security Guidance
Security Tip of the Month: Security Considerations in High-Performance Computing
This article describes how you can monitor your traffic with either real-time logging or on-demand reporting. Learn how you can use new fields on the dashboard and real-time logging to instantly see if the traffic contains a piece of malware, the threat level, and whether it was cured. You can also see how to use new reports to work proactively to investigate trends and identify systems that may be compromised.
Technical Overview of Windows HPC Server 2008
Because HPC clusters are being adopted by a broad range of mainstream users for mission-critical applications, security and integration with the existing infrastructure are essential. Read this technical overview to learn how Windows HPC Server 2008 uses the Active Directory service to enable role-based security for all cluster jobs and administration.
Windows HPC Server 2008: Using MS-MPI
MPI and MPI2 are widely accepted specifications for managing messaging in high-performance clusters. Among the most widely accepted implementations of Message Passing Interface (MPI) is the open-source Argonne National Laboratory MPICH2 reference implementation. At the API level, MS MPI is identical to the more than 160 APIs implemented by MPICH2. At the same time, MS MPI adds enhanced security and process management capabilities for enterprise environments and a new execution-tracing feature for Windows HPC Server 2008. Read this white paper for more details.
HPC Pack 2008 SDK
Microsoft HPC Server 2008 provides secure, scalable cluster resource management, a job scheduler, and an MPI stack for parallel programming. Download the Microsoft HPC Pack 2008 SDK to get the tools and content necessary to write parallel applications for the Windows HPC Server 2008 platform.
Securing the HPC Session
HPC uses HPC sessions to support the service-oriented architecture (SOA) programming model based on Windows Communication Foundation (WCF). The SOA programming model is ideal for writing interactive, parallel applications that provide near real-time calculation of complex algorithms, such as Monte Carlo simulations and BLAST searches. Read this topic for tips on how to secure the HPC session.
Use Windows Server 2008 to Develop Federation-Aware Applications
Extend Web applications inside your firewall to vendors, partners, and other trusted organizations with secure, authenticated, and controlled external access.

This Month's Security Bulletins
Critical:
•MS08-071: Vulnerabilities in GDI Could Allow Remote Code Execution (956802)
•MS08-075: Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)
•MS08-073: Cumulative Security Update for Internet Explorer (958215)
•MS08-070: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)
•MS08-072: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
•MS08-074: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
Important:
•MS08-077: Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)
•MS08-076: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)

Microsoft Product Lifecycle Information
Find information about your particular products on the Microsoft Product Support Lifecycle Web site.
•See a List of Supported Service Packs: Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.

Security Events and Training
Learning Paths for Security: Securing Business Intelligence
While data warehousing is primarily concerned with the integration of vast amounts of data across multiple business systems, business intelligence is concerned with how to use that integrated data to make strategic business decisions. Security becomes an immediate concern whenever private corporate data is accessed. Stories of conspicuous data leaks have been making news headlines for years. Use this learning path to help you take security into consideration when developing a business intelligence strategy.
Windows FireStarter Live Meeting
Friday, December 12, 8:30 AM Pacific Time Attention developers and IT professionals! Do not miss this live virtual event where you will learn best practices for developing for Windows for standard users, delve into specifics around Windows security and BitLocker, and get a preview of Windows 7 and Windows Server 2008 R2.

Upcoming Security Webcasts
Interactive Security Webcast Calendar
Upcoming security webcasts in a dynamic, interactive format.
For IT Professionals
•TechNet Labcast: Exchange Server 2007 (Part 2 of 5): Configuring an Edge Server and Compliance and Retention Using Exchange Server 2007 RTM (Level 200) Thursday, December 11, 11:00 AM Pacific Time Jeff Sparks, Senior Consultant, United Training
•TechNet Webcast: Security Deployment Review Tool (Level 200) Monday, December 15, 11:00 AM Pacific Time Anil Kumar Revuru, Senior Software Design Engineer, Microsoft Corporation
•TechNet Webcast: Supporting PHP and Open Source in the Windows Environment (Level 200) Tuesday, December 16, 8:00 AM Pacific Time Keith Combs, IT Pro Evangelist, Microsoft Corporation
•TechNet Webcast: Windows BitLocker for the Enterprise: Notes from the Field (Level 200) Tuesday, December 16, 11:00 AM Pacific Time Richard Lewis, Security Architect, Microsoft Corporation
•TechNet Labcast: Exchange Server 2007 (Part 4 of 5): Configuring Unified Messaging and Enabling Remote Client Access (Level 200) Thursday, December 18, 11:00 AM Pacific Time Jeff Sparks, Senior Consultant, United Training
•TechNet Labcast: Exchange Server 2007 (Part 5 of 5): Using Local Continuous Replication and Cluster Continuous Replication (Level 200) Friday, December 19, 11:00 AM Pacific Time Jeff Sparks, Senior Consultant, United Training
•TechNet Webcast: Information About Microsoft January Security Bulletins (Level 200) Wednesday, January 14, 2009 6:30 PM Pacific Time Mike Reavey, Group Manager MSRC, Microsoft Corporation
For Developers
•MSDN Webcast: SharePoint Products and Technologies for Internet Site Development: Search (Level 200) Thursday, December 18, 11:00 AM Pacific Time Robert Bogue, President, Thor Projects
•MSDN Webcast: SharePoint Products and Technologies for Internet Site Development: Content Deployment (Level 200) Tuesday, January 06, 2009, 11:00 AM Pacific Time Andrew Connell, MVP MOSS, Senior Instructor, Ted Pattison Group
•MSDN Webcast: Security Development Lifecycle Threat Modeling for Developers (Level 200) Thursday, January 15, 2009, Noon Pacific Time Adam Shostack, Senior Program Manager, Microsoft Corporation
Microsoft On-Demand Webcasts
•TechNet Webcast: Windows HPC Server 2008: High Availability and Diagnostics for High-Performance Computing (Level 100) The Windows Server 2008 operating system, the next generation of Windows Server, is designed to help high-performance computing (HPC) administrators maximize control over their infrastructure, while providing enhanced availability and management capabilities. This leads to a significantly more secure, reliable server environment than ever before. Join this session to learn how you can tune Windows HPC Server 2008 to take advantage of high availability.

Volume 5, No. 12December 2008
In This Issue:

Featured Article
Top Stories
Security Guidance
This Month's Security Bulletins
Microsoft Product Lifecycle Information
Security Events and Training
Upcoming Security Webcasts