Microsoft Security Newsletter - July 2013
Trustworthy Computing | July 2013
Welcome to July’s Security Newsletter!
This month our newsletter focuses on the Bring Your Own Device (BYOD) trend in the workplace and the implications it has for IT professionals. For many organizations, allowing employees to bring in personal computing devices—such as smart phones, tablets and PCs—can improve productivity and reduce the costs associated with deploying and supporting company-issued assets. As a result, BYOD has become a popular trend that is gaining wide acceptance in locations around the world. Microsoft recently commissioned the Trust in Computing survey to help uncover current attitudes and perceptions related to security and privacy. The study found that 78% of organizations allow employees to bring their own computing devices to the office for work purposes. There were also some interesting regional variations that can be seen in the chart below.
While the immediate benefits of BYOD might seem clear, they also come with IT security and management implications as IT departments can lose some of the control they traditionally exercised over managed resources. The security challenges of BYOD include enforcing policies like the use of strong passwords on multiple devices, ensuring that every device has up-to-date patches and robust anti-malware protection, the encryption of sensitive data, and mitigating other risks such as the loss of devices and the use of unsecured third-party data connections. Recognizing the benefits that BYOD can provide, Microsoft has designed its products and services with BYOD-friendly policies in mind. There are a few resources I suggest for diving deeper if you are interested in learning more about the topic and Microsoft’s approach:
-
http://blogs.technet.com/b/security/archive/2013/07/10/trust-in-computing-survey-part-i-consumerization-of-it-goes-mainstream.aspx
Trust in Computing Survey, Part 1: Consumerization of IT Goes Mainstream
-
http://technet.microsoft.com/windows/jj874384.aspx?ocid=wc-nl-secnews
Managing Windows 8 Devices in a Bring Your Own Device World
-
http://www.microsoft.com/en-us/windows/enterprise/scenarios/BYOD.aspx
How to Embrace BYOD: Guidance for Enterprises
Finally, I’d like to thank those of you who sent us your ideas on how to improve this newsletter moving forward. We are always looking for additional feedback so email us at secnlfb@microsoft.com and share your ideas.
Best regards,
Tim Rains, Director
Microsoft Trustworthy Computing
Top Stories
http://blogs.technet.com/b/in_the_cloud/archive/2013/07/10/what-s-new-in-2012-r2-making-device-users-productive-and-protecting-corporate-information.aspx
What’s New in Windows Server 2012 R2: Making Device Users Productive and Protecting Corporate Information
The modern workforce isn’t just better connected and more mobile than ever before, it’s also more discerning (and demanding) about the hardware and software used on the job. Get a helpful overview of the architecture and critical components of People-centric IT (PCIT) (http://www.microsoft.com/en-us/server-cloud/pcit.aspx), learn how to embrace the consumerization of IT, and get insight into the technologies that will help you enable BYOD scenarios in your organization.
http://blogs.technet.com/b/security/archive/2013/07/12/trust-in-computing-survey-part-2-less-than-half-of-developers-use-a-security-development-process.aspx
Trust in Computing Survey, Part 2: Less Than Half of Developers Use a Security Development Process
The threat landscape is continually evolving. Attackers are constantly seeking out new ways to compromise potential victims on a broad or targeted scale. They attempt to exploit unpatched vulnerabilities, use deceitful tactics to trick users into installing malicious software, attempt to guess weak passwords, and employ other dirty tricks. Despite this reality, a large number of organizations are still not developing applications with security in mind. Explore the reasons behind this concerning trend.
http://blogs.technet.com/b/security/archive/2013/07/08/trustworthy-blog-app-now-available-for-windows-phone-8.aspx
Trustworthy Computing Blog App Now Available for Windows Phone 8
Learn about the improvements available in the new version of our Trustworthy Computing Blogs Windows Phone application, which include optimization for Windows Phone 8 users, live tile notifications, and improved graphics.
Security Guidance
http://technet.microsoft.com/library/dn268299.aspx
Windows Server 2012 R2 Preview: What's New in Access and Information Protection
In Windows Server 2012 R2 Preview, Active Directory has been enhanced to allow IT risk management while also enabling IT to empower their users to be productive from a variety of devices. Learn about these enhancements, then get step-by-step guidance with these walkthroughs:
-
http://technet.microsoft.com/library/dn280938.aspx
Workplace Join with a Windows Device
-
http://technet.microsoft.com/library/dn280933.aspx
Workplace Join with an iOS Device
-
http://technet.microsoft.com/library/dn280943.aspx
Connect to Applications and Services from Anywhere with Web Application Proxy
-
http://technet.microsoft.com/library/dn280936.aspx
Manage Risk with Multi-factor Access Control
-
http://technet.microsoft.com/library/dn280946.aspx
Manage Risk with Additional Multi-Factor Authentication for Sensitive Applications
http://technet.microsoft.com/library/jj884158.aspx
How to Manage Mobile Devices by Using Configuration Manager and Windows Intune
Learn how to manage apps for Windows Phone 8, Windows RT, iOS, and Android devices by using the Windows Intune service and the System Center Configuration Manager console.
http://technet.microsoft.com/systemcenter/hh927307.aspx
Ensure the Compliance of Devices with Configuration Manager
System Center 2012 Configuration Manager SP1 contains new capabilities you can use to manage roaming profiles, offline files, and folder redirection on computers that run Windows 8 in your organization. Learn how to create configuration data, and deploy and manage configuration baselines, in order to ensure that your devices all contain consistent configurations and settings, and even automatically remediate settings found to be noncompliant.
http://technet.microsoft.com/library/ee424371.aspx?ocid=wc-nl-secnews
When to Use AppLocker
AppLocker is an application control feature in Windows Server 2012, Windows Server 2008 R2, Windows 8, and Windows 7 that helps you control which applications and files users can run. Find out how AppLocker can help you to protect the digital assets within your organization, reduce the threat of malicious software being introduced into your environment, and improve the management of application control and the maintenance of application control policies.
http://technet.microsoft.com/windows/dn260725.aspx?ocid=wc-nl-secnews
Windows RT in the Enterprise: Security Technologies
Windows RT is designed to leverage all of the security technologies present in Windows 8, several of which are new. Explore why Windows RT not only supports these technologies, but requires many of them for all Windows RT devices to help ensure that the devices are protected from the first time they are turned on.
http://technet.microsoft.com/en-us/library/aa998599(v=exchg.150).aspx
Messaging Policy and Compliance in Exchange Server 2013
Messaging stores and mailboxes have become repositories of valuable data. Explore the messaging policy and compliance features in Exchange Server 2013, then get step-by-step guidance to help you configure key features such as Data Loss Prevention (DLP) and messaging records management (MRM).
Cloud Security Corner
http://blogs.technet.com/b/trustworthycomputing/archive/2013/07/08/cloud-security-best-practices-and-recommended-resources.aspx
Cloud Security: Best Practices and Recommended Resources
As cloud computing begins to mature, organizations are looking at ways to understand the opportunities and assess their own current IT environment with regard to security, privacy and reliability practices, policies and compliance. To help organizations make informed security decisions and evaluate IT readiness for moving assets to the cloud, check out the top two resources recommended by Microsoft Trustworthy Computing General Manager Adrienne Hall.
This Month’s Security Bulletins
Microsoft Security Bulletin Summary for June 2013
Critical
-MS13-052:2861561
https://technet.microsoft.com/en-us/security/bulletin/ms13-052
Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution
-MS13-053:2850851
https://technet.microsoft.com/en-us/security/bulletin/ms13-053
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
-MS13-054:2848295
https://technet.microsoft.com/en-us/security/bulletin/ms13-054
Vulnerability in GDI+ Could Allow Remote Code Execution
-MS13-055:2846071
https://technet.microsoft.com/en-us/security/bulletin/ms13-055
Cumulative Security Update for Internet Explorer
-MS13-056:2845187
https://technet.microsoft.com/en-us/security/bulletin/ms13-056
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
-MS13-057:2847883
https://technet.microsoft.com/en-us/security/bulletin/ms13-057
Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution
Important
-MS13-058:2847927
http://technet.microsoft.com/en-us/security/bulletin/MS13-058
Vulnerability in Windows Defender Could Allow Elevation of Privilege
July 2013 Security Bulletin Resources:
-
http://blogs.technet.com/b/msrc/archive/2013/07/09/a-new-policy-for-store-apps-and-the-july-2013-security-updates.aspx
Microsoft Security Response Center (MSRC) Blog Post
-
Security Bulletin Quick Overview (MP4) –
http://content1.catalog.video.msn.com/e2/ds/939736f6-1014-4852-ab34-edc5f7075419.mp4
3000k |
http://content3.catalog.video.msn.com/e2/ds/f4734742-c7f7-4011-8a60-580236301125.mp4
600k |
http://content3.catalog.video.msn.com/e2/ds/9e3d7e7c-c80d-4dc5-836b-3ff24b9a9415.mp4
400k
-
Security Bulletin Webcast (MP4) –
http://content1.catalog.video.msn.com/e2/ds/7409a224-97f4-4ecc-a81e-f04763e7d608.mp4
3000k |
http://content3.catalog.video.msn.com/e2/ds/b0eec976-3c95-4181-a3e5-97f04f6077bc.mp4
600k |
http://content3.catalog.video.msn.com/e2/ds/b8e202cf-5798-45f2-8222-0b36ddd32f06.mp4
400k
-
http://blogs.technet.com/b/msrc/p/july-2013-security-bulletin-q-a.aspx
Security Bulletin Webcast Q&A
Security Events and Training
http://online.holsystems.com/Software/holLaunchPadOnline/holLaunchPadOnline.application?eng=Windows8&auth=none&src=microsoft.holsystems.com&altadd=true&labid=7709
Virtual Lab: Enabling Secure Remote Users with RemoteApp, DirectAccess, and Dynamic Access Control
Windows Server 2012 provides new features to easily implement secure remote user features. In this lab, you will begin by leveraging both RemoteApp and VDI to allow users to work securely on remote applications from home computers. Next, you will grant those users access to corporate resources by enabling them to leverage DirectAccess. Finally, you will grant those users access to secure files via Dynamic Access Control by modifying properties of the user accounts.
http://online.holsystems.com/Software/holLaunchPadOnline/holLaunchPadOnline.application?eng=Windows8&auth=none&src=microsoft.holsystems.com&altadd=true&labid=7709
Microsoft Webcast: Information about the August 2013 Security Bulletin Release
Wednesday, August 14, 2013
Join this webcast for a brief overview of the technical details of August’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.
https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032557378
Microsoft Webcast: Information about the September 2013 Security Bulletin Release
Wednesday, September 11, 2013
Join this webcast for a brief overview of the technical details of September’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.
Essential Tools
-
http://technet.microsoft.com/security/bulletin
Microsoft Security Bulletins
-
http://technet.microsoft.com/security/advisory
Microsoft Security Advisories
-
http://technet.microsoft.com/solutionaccelerators/cc835245.aspx
Security Compliance Manager
-
http://www.microsoft.com/security/sdl/adopt/starterkit.aspx
Microsoft Security Development Lifecycle Starter Kit
-
http://support.microsoft.com/kb/2458544
Enhanced Mitigation Experience Toolkit
-
http://www.microsoft.com/security/pc-security/malware-removal.aspx
Malicious Software Removal Tool
-
http://technet.microsoft.com/security/cc184924.aspx
Microsoft Baseline Security Analyzer
Security Centers
-
http://technet.microsoft.com/security
Security TechCenter
-
http://msdn.microsoft.com/security
Security Developer Center
-
http://www.microsoft.com/security/msrc/default.aspx
Microsoft Security Response Center
-
http://www.microsoft.com/security/portal/
Microsoft Malware Protection Center
-
http://www.microsoft.com/privacy
Microsoft Privacy
-
http://support.microsoft.com/select/default.aspx?target=hub&c1=10750
Microsoft Security Product Solution Centers
Additional Resources
-
http://www.microsoft.com/about/twc/en/us/blogs.aspx
Trustworthy Computing Security and Privacy Blogs
-
http://www.microsoft.com/security/sir
Microsoft Security Intelligence Report
-
http://www.microsoft.com/security/sdl
Microsoft Security Development Lifecycle
-
http://technet.microsoft.com/library/cc162838.aspx
Malware Response Guide
-
http://technet.microsoft.com/security/bb980617.aspx
Security Troubleshooting and Support Resources
microsoft.com/about/twc
Trustworthy Computing
This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
(c) 2013 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Microsoft respects your privacy. To learn more please read our online Privacy Statement (http://go.microsoft.com/fwlink/?LinkId=81184).
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052 USA