Pop-Up Thingie

Digital Distortion
  • Home
  • Forum
  • Files
  • Web Monitor
  • Log in

  1. Forum
  2. League10
  3. Microsoft Sec. Bulletin
  • Microsoft Security Newsletter - September 2013

    From Lord Time@TIME to All on Sun Nov 10 15:23:03 2013
    Microsoft Security Newsletter - September 2013



    Trustworthy Computing | September 2013
    Microsoft Security Newsletter



    Welcome to September’s Security Newsletter!

    This month our newsletter focuses on application security. With the growing popularity of apps today, and their wide range of use such as the processing
    of financial data or storing of personal information, it is critically important that application developers build apps with security in mind.



    To help developers protect their applications from malicious attacks,
    Microsoft has integrated security technologies into our software commonly used for development. Windows 8 and Visual Studio 2012 provide a set of application programming interfaces (APIs), controls, and tools to help minimize
    application vulnerabilities and mitigate common security problems. In Visual Studio 2012, security technologies such as

    http://msdn.microsoft.com/library/8dbf701c.aspx
    /GS ,

    http://msdn.microsoft.com/library/bb384887.aspx
    address space layout randomization (ASLR) ,

    http://msdn.microsoft.com/library/windows/desktop/aa366553.aspx
    Data Execution Prevention (DEP) , and

    http://support.microsoft.com/kb/956607
    Structured Exception Handling Overwrite Protection (SEHOP) are enabled by default for native code within the application. When developers compile their applications, these security technologies are integrated. In addition, Microsoft provides an

    http://msdn.microsoft.com/library/windows/apps/hh694081.aspx
    Application Certification Kit . This kit is designed to help developers validate and test their applications on their computer before they submit them for certification and listing in the Windows Store.



    While on the topic of applications, Microsoft has
    http://blogs.technet.com/b/security/archive/2013/08/14/new-microsoft-security- intelligence-report-application-for-windows.aspx

    released a new Security Intelligence Report app for Windows . If you are not familiar with the

    http://www.microsoft.com/sir
    Microsoft Security Intelligence Report (SIR) , it provides threat intelligence for 100+ countries/regions around the world and is designed to help IT professionals manage risk within their organizations. This new app is designed to work on Windows 7 and Windows 8 and provides our readers with an enhanced way to access the vast amount of threat intelligence contained in the SIR. The app includes all 800+ pages of content from SIR Volume 14, the latest volume
    of the report, and is fully searchable. This makes it easy to find every mention of a particular threat or country/region. It also provides an easy way to access high fidelity charts with ";save as"; functionality. In addition,
    the application is reader friendly with the integration of glossary terms in the body of the report.



    You can download the app today at

    http://aka.ms/GetSIRApp
    http://aka.ms/GetSIRApp . We hope you enjoy it and encourage you to provide feedback to our Twitter handle

    https://twitter.com/msftsecurity
    @MSFTSecurity .



    Best regards,

    Tim Rains, Director

    Microsoft
    Trustworthy
    Computing



    Have feedback on how we can improve this newsletter? Email us at mailto:secnlfb@microsoft.com
    secnlfb@microsoft.com and share your ideas.



    Top Stories


    http://blogs.technet.com/b/security/archive/2013/09/17/financial-services-a-su rvey-of-the-state-of-secure-application-development-processes.aspx

    Financial Services: A Survey of the State of Secure Application Development Processes

    Organizations in the financial services industry handle trillions of transactions each year involving sensitive information about individuals, companies, and other third parties. To help protect this sensitive information it is important that financial services organizations are developing, procuring, and using software applications that have been developed with security in mind. As a result, Microsoft recently commissioned an independent research and consultancy firm to examine the current state of application development in the financial services sector from a security perspective. Explore their findings by downloading the report,
    ";
    http://aka.ms/D5akge
    Microsoft Security Development Lifecycle Adoption: Why and How today.";


    http://blogs.technet.com/b/bluehat/archive/2013/09/16/mapp-initiatives-update- knowledge-exchange-platform.aspx

    MAPP Initiatives Update - Knowledge Exchange Platform

    A little more than a month ago, Microsoft
    http://blogs.technet.com/b/bluehat/archive/2013/07/29/new-mapp-initiatives.asp x announced some new initiatives for the Microsoft Active Protections Program (MAPP). Learn how the program is moving forward with its first two
    initiatives, one of which is a new automated knowledge exchange platform that provides the ability to automate the sharing and consumption of threat information in machine readable formats.




    Security Guidance



    http://www.microsoft.com/download/details.aspx?id=2830
    Microsoft SDL Optimization Model

    Designed for development managers and IT policymakers, this step-by-step model helps you gradually move your organization toward the adoption of the
    Microsoft SDL to reduce customer risk. Included are tools that will enable you to: a) assess the state of your development organization with four maturity levels; b) create a practical vision and roadmap for improving your organizations software development capability; and c) outline practical and cost-effective activities in each of the five capability areas to assist with budgeting, planning, and staffing efforts associated with software.


    http://www.microsoft.com/security/sdl/adopt/processtemplate.aspx
    SDL Process Template

    Get a downloadable template that automatically integrates the policy, process, and tools associated with the Microsoft SDL process guidance directly into
    your Visual Studio Team System (VSTS) software development environment.


    http://www.microsoft.com/security/sdl/adopt/threatmodeling.aspx
    SDL Threat Modeling Tool

    Threat modeling is a core element of the Microsoft SDL. The SDL Threat
    Modeling makes threat modeling easier for developers of all skill levels to communicate about the security design of their systems, analyze those designs for potential security issues using a proven methodology, and suggest and manage mitigations for security issues.


    http://msdn.microsoft.com/magazine/dn169079.aspx
    Using the SDL for LOB Windows 8 Apps

    Learn how to build security into your Windows Store line-of-business apps with measurable results.


    http://msdn.microsoft.com/en-us/magazine/jj721591.aspx
    Web to Windows 8: Security

    With Windows 8, JavaScript plays an important part in the overall security of your app by providing the tools necessary to secure data, validate input and separate potentially malicious content. This article will show you how you can adjust some of the habits you bring from web development so that you can produce more secure Windows Store apps using HTML5, JavaScript and the
    security features of the Windows Runtime.


    http://msdn.microsoft.com/magazine/dn169079.aspx
    Using the SDL for LOB Windows 8 Apps

    Learn how to build security into your Windows Store line-of-business apps with measurable results.


    http://msdn.microsoft.com/magazine/jj215887.aspx
    Learn how to build security into your Windows Store line-of-business apps with measurable results.

    Beyond the buzz of Web 2.0, mashup applications (also called hybrid or situational applications) bring the promise of creating meaningful experiences by feeding other people's data to your application. Learn to mitigate security issues that can come along with a mashup application in this series of
    articles from MSDN's Script Junkie.




    Cloud Security Corner



    http://technet.microsoft.com/magazine/dn235775.aspx
    Cloud Computing: Privacy, Confidentiality and the Cloud

    If you’re in IT, you are frequently processing, storing, or transmitting data that is subject to regulatory and compliance requirements. When that data falls under regulatory or compliance restrictions, your choice of cloud deployment (whether private, hybrid or public) hinges on maintaining the security of information. Learn how to view the cloud as a golden opportunity
    to achieve better security.




    This Month's Security Bulletins


    September 2013 Security Bulletins


    Critical

    -MS13-067:2834052
    http://technet.microsoft.com/en-us/security/bulletin/ms13-067

    Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution

    -MS13-068:2756473 https://technet.microsoft.com/en-us/security/bulletin/ms13-068

    Vulnerability in Microsoft Outlook Could Allow Remote Code Execution

    -MS13-069:2870699 https://technet.microsoft.com/en-us/security/bulletin/ms13-069

    Cumulative Security Update for Internet Explorer

    -MS13-070:2876217 https://technet.microsoft.com/en-us/security/bulletin/ms13-070

    Vulnerability in OLE Could Allow Remote Code Execution


    Important

    -MS13-071:2864063 https://technet.microsoft.com/en-us/security/bulletin/ms13-071

    Vulnerability in Windows Theme File Could Allow Remote Code Execution

    -MS13-072:2845537 https://technet.microsoft.com/en-us/security/bulletin/ms13-072

    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution

    -MS13-073:2858300 https://technet.microsoft.com/en-us/security/bulletin/ms13-073

    Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution

    -MS13-074:2848637 https://technet.microsoft.com/en-us/security/bulletin/ms13-074

    Vulnerabilities in Microsoft Access Could Allow Remote Code Execution

    -MS13-075:2878687 https://technet.microsoft.com/en-us/security/bulletin/ms13-075

    Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege

    -MS13-076:2876315 https://technet.microsoft.com/en-us/security/bulletin/ms13-076

    Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege


    -MS13-077:2872339 https://technet.microsoft.com/en-us/security/bulletin/ms13-077

    Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege

    -MS13-078:2825621 https://technet.microsoft.com/en-us/security/bulletin/ms13-078

    Vulnerability in FrontPage Could Allow Information Disclosure

    -MS13-079:2853587 https://technet.microsoft.com/en-us/security/bulletin/ms13-079

    Vulnerability in Active Directory Could Allow Denial of Service


    September 2013 Security Bulletin Resources:

    - http://blogs.technet.com/b/msrc/archive/2013/09/10/lovely-tokens-and-the-septem ber-2013-security-updates.aspx


    Microsoft Security Response Center (MSRC) Blog Post

    -
    Security Bulletin Webcast (MP4) –
    http://content4.catalog.video.msn.com/e2/ds/17913a0b-e889-40af-b082-074e1283a5 56.mp4

    3000k |
    http://content3.catalog.video.msn.com/e2/ds/33981985-e71a-4691-b9e1-e06e4b2a74 42.mp4

    600k |
    http://content2.catalog.video.msn.com/e2/ds/e786716a-fbde-4368-8649-53a26c410e 9b.mp4

    400k

    -
    http://blogs.technet.com/b/msrc/p/september-2013-security-bulletin-q-a.aspx

    Security Bulletin Webcast Q&A



    Security Events and Training



    http://www.microsoft.com/security/sdl/process/training.aspx
    Microsoft SDL Training

    Learn how to implement the foundational concepts of the Microsoft SDL and
    build better software. Topics include secure design, threat modeling, secure coding, security testing, and best practices surrounding privacy. This
    training is designed specifically for software development team members in technical roles (developers, testers, and program managers).


    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032557381 Microsoft Webcast: Information about the October 2013 Security Bulletin
    Release Wednesday, October 9, 2013

    Join this webcast for a brief overview of the technical details of October's Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.


    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032557383 Microsoft Webcast: Information about the November 2013 Security Bulletin Release Wednesday, November 13, 2013

    Join this webcast for a brief overview of the technical details of November's Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.






    Essential Tools


    -
    http://technet.microsoft.com/security/bulletin
    Microsoft Security Bulletins

    -
    http://technet.microsoft.com/security/advisory
    Microsoft Security Advisories

    -
    http://technet.microsoft.com/solutionaccelerators/cc835245.aspx
    Security Compliance Manager

    -
    http://www.microsoft.com/security/sdl/adopt/starterkit.aspx
    Microsoft Security Development Lifecycle Starter Kit

    -
    http://support.microsoft.com/kb/2458544
    Enhanced Mitigation Experience Toolkit

    -
    http://www.microsoft.com/security/pc-security/malware-removal.aspx
    Malicious Software Removal Tool

    -
    http://technet.microsoft.com/security/cc184924.aspx
    Microsoft Baseline Security Analyzer


    Security Centers


    -
    http://technet.microsoft.com/security
    Security TechCenter

    -
    http://msdn.microsoft.com/security
    Security Developer Center

    -
    http://www.microsoft.com/security/msrc/default.aspx
    Microsoft Security Response Center

    -
    http://www.microsoft.com/security/portal/
    Microsoft Malware Protection Center

    -
    http://www.microsoft.com/privacy
    Microsoft Privacy

    -
    http://support.microsoft.com/select/default.aspx?target=hub&c1=10750 Microsoft Security Product Solution Centers


    Additional Resources


    -
    http://www.microsoft.com/about/twc/en/us/blogs.aspx
    Trustworthy Computing Security and Privacy Blogs

    -
    http://www.microsoft.com/security/sir
    Microsoft Security Intelligence Report

    -
    http://www.microsoft.com/security/sdl
    Microsoft Security Development Lifecycle

    -
    http://technet.microsoft.com/library/cc162838.aspx
    Malware Response Guide

    -
    http://technet.microsoft.com/security/bb980617.aspx
    Security Troubleshooting and Support Resources

    -
    http://www.microsoft-careers.com/go/Trustworthy-Computing-Jobs/194701/ Trustworthy Computing Careers




    microsoft.com/about/twcTrustworthy Computing




    This is a monthly newsletter for IT professionals and
    developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.



    (c) 2013 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The
    names of actual companies and products mentioned herein may be the trademarks of their respective owners.



    Microsoft respects your privacy. To learn more please read our online http://go.microsoft.com/fwlink/?LinkId=81184
    Privacy Statement .



    If you would prefer to no longer receive this newsletter, please http://pages.email.microsoftemail.com/page.aspx?QS=38dfbe491fab00ea380afe73db21 804e1836ec2291e123ed&emailid=271496&memberid=10030559&jobid=2610450&listid=8857 87&listname=Subscription_10030559_1109&subscriberkey=lordtime@tds.net&emailaddr =lordtime@tds.net&subscriberid=328026660

    click here .



    To set your contact preferences for other Microsoft communications http://click.email.microsoftemail.com/m_hcp.aspx?qs=0bb7f39debca1b0ad10fb2e924b 6311d344a0079e5cc587f4d16330b7c3cc8e7aa3d48879950d85d33a47e9a9586dfefd285dcac31 618dc838b86de00950c689633f650c6a83784043fe6747eef901587a806fee6531fbef

    click here .



    Microsoft Corporation

    One Microsoft Way

    Redmond, WA 98052 USA
    ---
    ■ Synchronet ■ Time Warp of the Future BBS - Home of League 10 IBBS Games
  • Web-based telnet client

    Other Links
    What is a BBS?
    Doors installed on this BBS
    Digital Distortion Doors & Tools
    Door stats
    Trivia scores
    Message networks
    Terminal software
    Synchronet archiver setup
    Ready.gov anti-terrorist guidelines as of 2003

    Other services
    Telnet
    RLogin
    IRC
    Email & news access

    Feel free to send me an email.

    BBS UPS stats
  • Who's Online

  • Recent Visitors

    • Merlin
      Mon Apr 14 06:31:48 2025
      from Milton, WV via HTTP
    • Merlin
      Sun Apr 6 09:19:55 2025
      from Milton, WV via HTTP
    • xbit
      Sat Feb 22 04:36:09 2025
      from Portland, Or via HTTP
    • Wilmaxs
      Wed Aug 16 04:20:48 2023
      via HTTP
  • System Info

    Sysop: Eric Oulashin
    Location: Beaverton, Oregon, USA
    Users: 101
    Nodes: 16 (1 / 15)
    Uptime: 22:55:35
    Calls: 6,163
    Calls today: 7
    Files: 8,500
    D/L today: 6,835 files
    (2,696M bytes)
    Messages: 348,693
    Posted today: 2

© Digital Distortion, 2025