Microsoft Security Newsletter - August 2013
Trustworthy Computing | August 2013
Welcome to August’s Security Newsletter!
This month our newsletter focuses on client security and the security implications of running software that is no longer supported by the software manufacturer. If you have been following Microsoft security news recently, you are likely aware that
http://blogs.technet.com/b/security/archive/2013/04/09/the-countdown-begins-support-for-windows-xp-ends-on-april-8-2014.aspx
support for Windows XP ends on April 8, 2014. It is important to note that after this date, customers running Windows XP will no longer receive new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates. This means that any new vulnerabilities discovered in Windows XP after its "end of life" will not be addressed by new security updates from Microsoft.
From a security perspective, if you are running Windows XP, I cannot stress enough the importance of migrating to a newer platform that is supported and can provide increased protections. The very first month that Windows XP goes out of support, attackers will have the advantage. The first month that security updates for supported versions of Windows are released, attackers will reverse engineer those updates, find the vulnerabilities, and test Windows XP to see if it shares those vulnerabilities. If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP. Since security updates will no longer be available for Windows XP to address such vulnerabilities, Windows XP will essentially have a "zero day" vulnerability forever. I discuss this in greater detail in a
http://blogs.technet.com/b/security/archive/2013/08/15/the-risk-of-running-windows-xp-after-support-ends.aspx
recent blog post.
This should be concerning for anyone using Windows XP today. If your organization has not started the migration to a modern operating system, it is crucial that you begin planning and application compatibility testing as soon as possible. Based on historical customer deployment data,
http://blogs.windows.com/windows/b/springboard/archive/2013/04/08/365-days-remaining-until-xp-end-of-support-the-countdown-begins.aspx
the average enterprise deployment can take 18 to 32 months from business case through full deployment. If you are looking for resources on how to get started, I encourage you to read the Windows Blog post on "
http://blogs.windows.com/windows/b/springboard/archive/2013/04/08/365-days-remaining-until-xp-end-of-support-the-countdown-begins.aspx
365 Days Remaining Until XP End Of Support. The Countdown Begins" for more detailed questions and answers.
Best regards,
Tim Rains, Director
Microsoft Trustworthy Computing
Have feedback on how we can improve this newsletter? Email us at secnlfb@microsoft.com and share your ideas.
Top Stories
http://www.microsoft.com/en-us/download/details.aspx?id=39707
Microsoft Security Response Center Progress Report 2013
Download the latest insights on key security bulletin and Common Vulnerabilities and Exposures (CVE) statistics and explore how several Microsoft Security Response Center (MSRC) programs performed during the one year period between July 2012 and June 2013. Want to learn how to use the data offered in the MSRC Progress Report to make optimized deployment decisions? Read "
http://blogs.technet.com/b/security/archive/2013/08/21/using-vulnerability-data-to-optimize-security-update-deployments.aspx
Using Vulnerability Data to Optimize Security Update Deployments."
http://blogs.technet.com/b/security/archive/2013/08/14/new-microsoft-security-intelligence-report-application-for-windows.aspx
New Microsoft Security Intelligence Report Application for Windows
Enhance your access to the vast amount of threat intelligence contained in the Microsoft Security Intelligence Report (SIR) with the new Microsoft SIR desktop application. Designed to work on both Windows 7 and Windows 8, the app provides user-friendly, easy access to all 800+ pages of SIR content, including high-resolution charts, in one convenient place.
http://www.microsoft.com/en-us/download/details.aspx?id=39929
Download the app today.
http://blogs.technet.com/b/security/archive/2013/07/25/the-impact-of-security-science-in-protecting-customers.aspx
The Impact of Security Science in Protecting Customers
Microsoft Trustworthy Computing recently released new research that examines the long-term impact of security mitigations that Microsoft has implemented to address software vulnerabilities. Explore
http://blogs.technet.com/b/security/archive/2013/07/25/the-impact-of-security-science-in-protecting-customers.aspx
key findings then download the full paper, entitled "
http://www.microsoft.com/en-us/download/details.aspx?id=39680
Software Vulnerability Exploitation Trends."
Security Guidance
http://technet.microsoft.com/library/dn283963.aspx?ocid=wc-nl-secnews
Windows 8 Security Overview
Familiarize yourself with the enterprise-grade security features in Windows 8 that can protect your devices and data from unauthorized access and threats like malware. Looking for information on what’s changed in security in Windows 8.1? See
http://technet.microsoft.com/windows/dn140266.aspx?ocid=wc-nl-secnews#security What’s New in Windows 8.1 and the
http://technet.microsoft.com/windows/jj721676.aspx?ocid=wc-nl-secnews#security Windows 8.1 Preview FAQ.
http://technet.microsoft.com/windows/dn168167.aspx?ocid=wc-nl-secnews
Securing the Windows 8 Boot Process
When you run Windows 8 on a Windows 8 certified PC or any PC that supports Unified Extensible Firmware Interface (UEFI), Trusted Boot protects your PC from malware from the moment you power your PC on until your antimalware starts. Learn how Trusted Boot provides better startup security for both company- and personally-owned PCs then get answers to common questions with a
http://technet.microsoft.com/windows/dn135302.aspx?ocid=wc-nl-secnews
short demo and the
http://technet.microsoft.com/windows/dn168169.aspx?ocid=wc-nl-secnews
Windows 8 Boot Security FAQ.
http://technet.microsoft.com/windows/dn260725.aspx?ocid=wc-nl-secnews
Windows RT in the Enterprise: Security Overview
Windows RT is designed to leverage all of the security technologies present in Windows 8. Learn how Windows RT not only supports these technologies, but also how many of them are required for all Windows RT devices to help ensure that devices are protected from the first time they are turned on.
http://technet.microsoft.com/library/jj592683.aspx?ocid=wc-nl-secnews Preparing for BitLocker: Planning and Policies
When you design your BitLocker deployment strategy, you will need to define the appropriate policies and configuration requirements based on the business requirements of your organization. This article will show you how to collect information that you can use to frame your decision-making process about deploying and managing BitLocker systems. Curious about a specific aspect of BitLocker deployment or management? Check out the
http://technet.microsoft.com/library/hh831507.aspx?ocid=wc-nl-secnews BitLocker FAQ.
http://technet.microsoft.com/windows/dn168171.aspx?ocid=wc-nl-secnews
Demo: Deploy BitLocker with MDT and Windows PowerShell
With Windows 8, you can more quickly enable BitLocker Drive Encryption during operating-system deployment. Now you can pre-provision BitLocker before installing Windows 8, and it can encrypt used disk space, rather than encrypting the entire drive. Learn how to deploy BitLocker by using the Microsoft Deployment Toolkit (MDT) and Windows PowerShell.
http://technet.microsoft.com/windows/jj983729.aspx?ocid=wc-nl-secnews
Try It Out: Encrypt Used Space Only
BitLocker in Windows 8 introduces Used Disk Space Only encryption, which gives you the option to encrypt only space on the drive that is actively being used. Use this quick step-by-step guide to try this process for yourself.
http://technet.microsoft.com/magazine/dn271885.aspx
Manage the Identity Lifecycle
Managing identity is ultimately about managing access to your corporate resources. Users authenticate to resources with their identity, then use the properties of that identity (for example, group membership) to get authorized access to resources. See why having a good identity management system in place—with a standard process for provisioning and updating user accounts with their proper groups and other authorizations—helps ensure the right users have access to the right resources.
Cloud Security Corner
http://technet.microsoft.com/magazine/dn235775.aspx
Cloud Computing: Privacy, Confidentiality and the Cloud
If you’re in IT, you are frequently processing, storing, or transmitting data that is subject to regulatory and compliance requirements. When that data falls under regulatory or compliance restrictions, your choice of cloud deployment (whether private, hybrid or public) hinges on maintaining the security of information. Learn how to view the cloud as a golden opportunity to achieve better security.
This Month’s Security Bulletins
Microsoft Security Bulletin Summary for August 2013
Critical
-MS13-059:2862772
http://technet.microsoft.com/en-us/security/bulletin/MS13-059
Cumulative Security Update for Internet Explorer
-MS13-060:2850869
http://technet.microsoft.com/en-us/security/bulletin/MS13-060
Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution
-MS13-061:2876063
http://technet.microsoft.com/en-us/security/bulletin/MS13-061
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution
Important
-MS13-062:2849470
http://technet.microsoft.com/en-us/security/bulletin/MS13-062
Vulnerability in Remote Procedure Call Could Allow Elevation of Privilege
-MS13-063:2859537
http://technet.microsoft.com/en-us/security/bulletin/MS13-063
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
-MS13-064:2849568
http://technet.microsoft.com/en-us/security/bulletin/MS13-064
Vulnerability in Windows NAT Driver Could Allow Denial of Service
-MS13-065:2868623
http://technet.microsoft.com/en-us/security/bulletin/MS13-065
Vulnerability in ICMPv6 could allow Denial of Service
-MS13-066:2873872
http://technet.microsoft.com/en-us/security/bulletin/MS13-066
Vulnerability in Active Directory Federation Services Could Allow Information Disclosure
August 2013 Security Bulletin Resources:
-
http://blogs.technet.com/b/msrc/archive/2013/08/13/leaving-las-vegas-and-the-august-2013-security-updates.aspx
Microsoft Security Response Center (MSRC) Blog Post
-
Security Bulletin Quick Overview (MP4) –
http://content2.catalog.video.msn.com/e2/ds/c29a7021-aeed-4062-91e3-14ceced375d8.mp4
3000k |
http://content1.catalog.video.msn.com/e2/ds/98400bdd-8cd6-46d1-9a03-8c80f7f55370.mp4
600k |
http://content2.catalog.video.msn.com/e2/ds/099c3278-2bb5-4890-a684-ceb7daf0a991.mp4
400k
-
Security Bulletin Webcast (MP4) –
http://content3.catalog.video.msn.com/e2/ds/0b4e22fb-1437-4dd7-82a2-d1b934a37ad0.mp4
3000k |
http://content5.catalog.video.msn.com/e2/ds/5243fcc1-441b-4b36-ae76-2a35a475999a.mp4
600k |
http://content4.catalog.video.msn.com/e2/ds/92ff8783-8c16-4b12-948a-f5d32269050e.mp4
400k
-
http://blogs.technet.com/b/msrc/p/august-2013-security-bulletin-q-a.aspx
Security Bulletin Webcast Q&A
Security Events and Training
http://technet.microsoft.com/windows/jj721671.aspx?ocid=wc-nl-secnews
Windows 8 Jump Start: Recovery and Security
Learn how to better control, secure, and manage Windows 8 PCs with BitLocker, UEFI, Secure Boot, Measured Boot, and the Diagnostics and Recovery Toolset (DaRT). This course will go over the security features integrated into Windows 8 and then walk you through the process of resetting and refreshing PCs, deploying recovery images, and much more.
https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032557378 Microsoft Webcast: Information about the September 2013 Security Bulletin Release
Wednesday, September 11, 2013
Join this webcast for a brief overview of the technical details of September’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.
https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032557381 Microsoft Webcast: Information about the October 2013 Security Bulletin Release
Wednesday, October 9, 2013
Join this webcast for a brief overview of the technical details of October’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.
Essential Tools
-
http://technet.microsoft.com/security/bulletin
Microsoft Security Bulletins
-
http://technet.microsoft.com/security/advisory
Microsoft Security Advisories
-
http://technet.microsoft.com/solutionaccelerators/cc835245.aspx
Security Compliance Manager
-
http://www.microsoft.com/security/sdl/adopt/starterkit.aspx
Microsoft Security Development Lifecycle Starter Kit
-
http://support.microsoft.com/kb/2458544
Enhanced Mitigation Experience Toolkit
-
http://www.microsoft.com/security/pc-security/malware-removal.aspx
Malicious Software Removal Tool
-
http://technet.microsoft.com/security/cc184924.aspx
Microsoft Baseline Security Analyzer
Security Centers
-
http://technet.microsoft.com/security
Security TechCenter
-
http://msdn.microsoft.com/security
Security Developer Center
-
http://www.microsoft.com/security/msrc/default.aspx
Microsoft Security Response Center
-
http://www.microsoft.com/security/portal/
Microsoft Malware Protection Center
-
http://www.microsoft.com/privacy
Microsoft Privacy
-
http://support.microsoft.com/select/default.aspx?target=hub&c1=10750
Microsoft Security Product Solution Centers
Additional Resources
-
http://www.microsoft.com/about/twc/en/us/blogs.aspx
Trustworthy Computing Security and Privacy Blogs
-
http://www.microsoft.com/security/sir
Microsoft Security Intelligence Report
-
http://www.microsoft.com/security/sdl
Microsoft Security Development Lifecycle
-
http://technet.microsoft.com/library/cc162838.aspx
Malware Response Guide
-
http://technet.microsoft.com/security/bb980617.aspx
Security Troubleshooting and Support Resources
-
http://www.microsoft-careers.com/go/Trustworthy-Computing-Jobs/194701/ Trustworthy Computing Careers
microsoft.com/about/twc Trustworthy Computing
This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
(c) 2013 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Microsoft respects your privacy. To learn more please read our online
http://go.microsoft.com/fwlink/?LinkId=81184
Privacy Statement.
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052 USA