Microsoft Security Newsletter - October 2013



Trustworthy Computing | October 2013
Microsoft Security Newsletter



Welcome to October’s Security Newsletter!

The theme for this month’s newsletter focuses on security for the modern desktop. IT professionals are continually looking for ways to create a work environment for their employees that increases work productivity and minimizes the threats posed by cybercriminals.Often times this means running the latest software with the most advanced security technologies, making sure that
updates are regularly applied for all software installed, and running a real-time antivirus protection software from a trusted source.



Earlier this month, Microsoft
http://blogs.windows.com/windows/b/springboard/archive/2013/10/18/windows-8-1- general-availability-the-it-pro-perspective.aspx

announced the general availability of Windows 8.1 . This operating system is designed for the modern desktop and incorporates the latest in security technology innovations including

http://technet.microsoft.com/library/dn344918.aspx?ocid=wc-nl-secnews improvements in malware resistance, data protection, and access control, identity, and authentication . A modern operating system like Windows 8.1 provides a critical foundational layer of protection that serves as the basis for additional applications to be installed upon. In addition to providing a critical foundation for your desktop infrastructure, Microsoft is committed to ongoing support. For the past 10 years, Microsoft has delivered monthly security updates, each of which undergoes

http://www.microsoft.com/security/msrc/whatwedo/updates.aspx
rigorous testing . In fact, on average, Microsoft security updates are tested against over 3,000 of the most commonly deployed third-party applications.
This is done to help minimize post-deployment disruptions such as a
third-party application not working correctly.



If you have not already done so, I encourage you to check out

http://www.microsoft.com/windows
Windows 8.1 today. You can also try out the latest security features for your organization by downloading the free

http://technet.microsoft.com/windows/hh771457.aspx?ocid=wc-nl-secnews Windows 8.1 Enterprise Evaluation .



Best regards,

Tim Rains, Director

Microsoft
Trustworthy
Computing



Have feedback on how we can improve this newsletter? Email us at mailto:secnlfb@microsoft.com
secnlfb@microsoft.com and share your ideas.



Top Stories


http://blogs.technet.com/b/mmpc/archive/2013/10/29/new-security-intelligence-r eport-new-data-new-perspectives.aspx

New Security Intelligence Report, New Data, New Perspectives

Volume 15 of the Microsoft Security Intelligence Report (SIRv15) is now available. The report analyzes malware, exploits and more based on data from more than a billion systems worldwide and some of the Internet’s busiest online services over the past several years, with a focus on the first half of 2013.

http://www.microsoft.com/security/sir/default.aspx
Download SIRv15 today.

http://blogs.technet.com/b/mmpc/archive/2013/10/29/infection-rates-and-end-of- support-for-windows-xp.aspx

Infection Rates and End of Support for Windows XP

One of the key findings in SIRv15 is related to the Windows XP operating
system as it inches toward end of support on April 8, 2014, and the risks of being on unsupported software. Explore the latest data from this key finding.

http://blogs.technet.com/b/srd/archive/2013/10/29/software-defense-mitigation- heap-corruption-vulnerabilities.aspx

Software Defense: Mitigating Heap Corruption Vulnerabilities

Heap corruption vulnerabilities are the most common type of vulnerability that Microsoft addresses through security updates today. Explore some of the
general methods that have been used to exploit and mitigate heap corruption vulnerabilities and learn about the hardening changes that have been made in Windows 8 and Windows 8.1 to further complicate exploitation.




Security Guidance



http://technet.microsoft.com/library/dn344918.aspx?ocid=wc-nl-secnews What’s Changed in Security Technologies in Windows 8.1

Windows 8.1 builds upon the security foundation in Windows 8, providing security features that can protect devices and data from unauthorized access and software threats. Get a quick recap of what has changed with regard to malware resistance, data protection, and access control, identity, and authentication.

http://www.microsoft.com/en-us/windows/enterprise/products-and-technologies/wi ndows-8-1/compare/default.aspx

Compare Windows 8.1 Editions

Some security features, such as BitLocker and BitLocker To Go, are only available in the Pro and Enterprise editions of Windows 8.1. Curious in the other differences between Windows RT 8.1, Windows 8.1, Windows 8.1 Pro, and Windows 8.1 Enterprise? Check out this quick table-based guide.


http://technet.microsoft.com/windows/dn168167.aspx?ocid=wc-nl-secnews Securing the Windows 8 Boot Process

Modern malware—and rootkits, or bootkits, specifically—are capable of starting before Windows, completely bypassing operating system security,
and remaining completely hidden. Explore how rootkits work, then learn how Windows 8 and Windows 8.1 support four features to help prevent rootkits and bootkits from loading during the startup process: Secure Boot, Trusted Boot, Early Launch Anti-Malware (ELAM), and Measured Boot. For answers to common questions, see the

http://technet.microsoft.com/windows/dn168169.aspx?ocid=wc-nl-secnews Windows
8 Boot Security FAQ .


http://social.technet.microsoft.com/Forums/en-US/w8itprosecurity/
Windows 8.1 IT Pro Security Forum

Have a question, or need assistance with setting up or configuring a security feature in Windows 8.1? Get help from a large community of experts comprised
of members of Microsoft’s engineering and product teams, Microsoft Most Valuable Professionals (MVPs), and your IT professional peers.


http://technet.microsoft.com/magazine/dn448546.aspx
Windows 8: File History Explained

File History is a new automated system for continuously protecting your personal files stored in several key locations. Learn how to set up this feature and restore lost files, and see why File History is optimized for performance, security, and mobile users.




Cloud Security Corner



http://technet.microsoft.com/security/jj554736
Cloud Security Readiness Tool

Assess your current IT environment with regard to systems, processes, and productivity. This survey-based tool can create a custom non-commercial report that provides recommendations on your IT state and helps you evaluate the benefits of cloud computing for your organization.




This Month's Security Bulletins


October 2013 Security Bulletins


Critical

-MS13-080:2879017 https://technet.microsoft.com/en-us/security/bulletin/ms13-080

Cumulative Security Update for Internet Explorer

-MS13-081:2870008 https://technet.microsoft.com/en-us/security/bulletin/ms13-081

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution

-MS13-082:2878890 https://technet.microsoft.com/en-us/security/bulletin/ms13-082

Vulnerabilities in .NET Framework Could Allow Remote Code Execution

-MS13-083:2864058 https://technet.microsoft.com/en-us/security/bulletin/ms13-083

Vulnerability in Windows Common Control Library Could Allow Remote Code Execution


Important

-MS13-084:2885089 https://technet.microsoft.com/en-us/security/bulletin/ms13-084

Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution

-MS13-085:2885080 https://technet.microsoft.com/en-us/security/bulletin/ms13-085

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution

-MS13-086:2885084 https://technet.microsoft.com/en-us/security/bulletin/ms13-086

Vulnerabilities in Microsoft Word Could Allow Remote Code Execution

-MS13-087:2890788 https://technet.microsoft.com/en-us/security/bulletin/ms13-087

Vulnerability in Silverlight Could Allow Information Disclosure


October 2013 Security Bulletin Resources:

- http://blogs.technet.com/b/msrc/archive/2013/10/08/the-october-2013-security-up dates.aspx


Microsoft Security Response Center (MSRC) Blog Post

-
Security Bulletin Webcast (MP4) –
http://content4.catalog.video.msn.com/e2/ds/479f5d0a-21eb-4a47-a4cb-e7aa46bae2 c1.mp4

3000k |
http://content5.catalog.video.msn.com/e2/ds/abefcb74-e9ae-48cf-8299-f8ff356ca1 42.mp4

600k |
http://content5.catalog.video.msn.com/e2/ds/d1f86444-a104-4860-bb34-0d98d8d5dc d7.mp4

400k

-
http://blogs.technet.com/b/msrc/p/october-2013-security-bulletin-q-a.aspx

Security Bulletin Webcast Q&A



Security Events and Training



https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032557383 Microsoft Webcast: Information about the November 2013 Security Bulletin Release Wednesday, November 13, 2013

Join this webcast for a brief overview of the technical details of November’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.

http://www.microsoftvirtualacademy.com/liveevents/what-s-new-in-windows-8-1-fo r-it-professionals-jump-start

What’s New in Windows 8.1 for IT Professionals Jump Start
Thursday, November 14, 2013

Is your organization using Windows XP or Windows 7? See how you can fast-track your organization to a more secure infrastructure featuring Windows 8.1.


https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032557386 Microsoft Webcast: Information about the December 2013 Security Bulletin Release Wednesday, December 11, 2013

Join this webcast for a brief overview of the technical details of DecemberÆs Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.






Essential Tools


-
http://technet.microsoft.com/security/bulletin
Microsoft Security Bulletins

-
http://technet.microsoft.com/security/advisory
Microsoft Security Advisories

-
http://technet.microsoft.com/solutionaccelerators/cc835245.aspx
Security Compliance Manager

-
http://www.microsoft.com/security/sdl/adopt/starterkit.aspx
Microsoft Security Development Lifecycle Starter Kit

-
http://support.microsoft.com/kb/2458544
Enhanced Mitigation Experience Toolkit

-
http://www.microsoft.com/security/pc-security/malware-removal.aspx
Malicious Software Removal Tool

-
http://technet.microsoft.com/security/cc184924.aspx
Microsoft Baseline Security Analyzer


Security Centers


-
http://technet.microsoft.com/security
Security TechCenter

-
http://msdn.microsoft.com/security
Security Developer Center

-
http://www.microsoft.com/security/msrc/default.aspx
Microsoft Security Response Center

-
http://www.microsoft.com/security/portal/
Microsoft Malware Protection Center

-
http://www.microsoft.com/privacy
Microsoft Privacy

-
http://support.microsoft.com/select/default.aspx?target=hub&c1=10750 Microsoft Security Product Solution Centers


Additional Resources


-
http://www.microsoft.com/about/twc/en/us/blogs.aspx
Trustworthy Computing Security and Privacy Blogs

-
http://www.microsoft.com/security/sir
Microsoft Security Intelligence Report

-
http://www.microsoft.com/security/sdl
Microsoft Security Development Lifecycle

-
http://technet.microsoft.com/library/cc162838.aspx
Malware Response Guide

-
http://technet.microsoft.com/security/bb980617.aspx
Security Troubleshooting and Support Resources

-
http://www.microsoft-careers.com/go/Trustworthy-Computing-Jobs/194701/ Trustworthy Computing Careers




microsoft.com/about/twcTrustworthy Computing




This is a monthly newsletter for IT professionals and
developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.



(c) 2013 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The
names of actual companies and products mentioned herein may be the trademarks of their respective owners.



Microsoft respects your privacy. To learn more please read our online http://go.microsoft.com/fwlink/?LinkId=81184
Privacy Statement .



If you would prefer to no longer receive this newsletter, please http://pages.email.microsoftemail.com/page.aspx?QS=38dfbe491fab00ea380afe73db21 804e1836ec2291e123ed&emailid=274869&memberid=10030559&jobid=2645792&listid=8857 87&listname=Subscription_10030559_1109&subscriberkey=lordtime@tds.net&emailaddr =lordtime@tds.net&subscriberid=328026660

click here .



To set your contact preferences for other Microsoft communications http://click.email.microsoftemail.com/m_hcp.aspx?qs=0bb7f39debca1b0ad10fb2e924b 6311d344a0079e5cc587f4d16330b7c3cc8e7aa3d48879950d85d33a47e9a9586dfefd285dcac31 618dc8995b58efdc3f7b1080db49b9506abc97728ed58e3628bb2b5d2fa8aea8a0139a

click here .



Microsoft Corporation

One Microsoft Way

Redmond, WA 98052 USA
---
■ Synchronet ■ Time Warp of the Future BBS - Home of League 10 IBBS Games