Forum: Digital Distortion

Microsoft Security Newsletter - February 2014

From Lord Time@TIME to All on Thu Feb 27 08:11:31 2014

Microsoft Security Newsletter - February 2014

Trustworthy Computing | February 2014
Microsoft Security Newsletter

Welcome to February’s Security Newsletter!

The theme for our newsletter this month focuses in on the importance of data classification in helping to manage risk for sensitive data. With the proliferation of devices on the market today, many IT professionals I talk
with struggle with how to manage sensitive data on end point devices. For
some, data classification has already become a part of their culture and plays a role in managing their organization’s data. For others though, this is either a new concept or one that organizations struggle to implement.

Given the importance and relevance of this topic in today’s environment, we have published two papers that are recommended reading for any IT professional seeking to learn more about data classification and how it can help organizations better manage risk:

-
" http://download.microsoft.com/download/0/A/3/0A3BE969-85C5-4DD2-83B6-366AA71D1F E3/Data-Classification-for-Cloud-Readiness.pdf

Data Classification for Cloud Readiness " outlines the risks and issues that can be mitigated to ensure a smoother transition to a cloud service. The paper also discusses technologies such as encryption, rights management, and data loss prevention solutions and how their implementation has evolved in the
cloud era. The paper’s appendix then identifies some of today’s
top data classification regulations and compliance requirements.

-
" http://download.microsoft.com/download/0/9/2/092C54E6-1F36-4698-911B-4AE1D03478 97/CISO-Perspectives-Data-Classification.pdf

CISO Perspectives on Data Classification " provides insight from the chief information security officers (CISOs) of three organizations about key data classification issues and challenges, and how they have implemented data classification.

In addition to these materials, I would also suggest checking out the video from our Cloud Fundamentals Video Series titled "
http://blogs.technet.com/b/trustworthycomputing/archive/2012/07/10/cloud-funda mentals-video-series-all-data-is-not-created-equal.aspx

All Data is not Created Equal. " If your organization has implemented a data classification process and believe others could benefit from your experiences, we want to hear from you. Please connect with us either through

mailto:secnlfb@microsoft.com
email or via Twitter

https://twitter.com/msftsecurity
@MSFTSecurity .

Best regards,

Tim Rains, Director

Microsoft
Trustworthy
Computing

Have feedback on how we can improve this newsletter? Email us at mailto:secnlfb@microsoft.com
secnlfb@microsoft.com and share your ideas.

Top Stories

http://blogs.technet.com/b/security/archive/2014/02/25/now-available-emet-5-0- technical-preview.aspx

Now Available: EMET 5.0 Technical Preview

Microsoft has released a new version of its Enhanced Mitigation Experience Toolkit (EMET), the EMET 5.0 Technical Preview. The new version offers new protections for enterprises that build on the 12 security mitigations included in version 4.1, for example, a new Attack Surface Reduction security
mitigation and further refinements to Export Address Table Access Filtering (EAF). Learn how you can use the EMET 5.0 Technical Preview today to protect your software applications and better test and deploy security updates for applications that you run in your environment.

http://blogs.technet.com/b/security/archive/2014/02/13/the-nist-cybersecurity- framework-a-significant-milestone-towards-critical-infrastructure-resiliency.as px

The NIST Cybersecurity Framework: A Significant Milestone towards Critical Infrastructure Resiliency

Developed over the past year through collaboration between industry and government, the National Institute of Standards and Technology (NIST) Cybersecurity Framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. Explore Microsoft’s involvement in the development of the framework, and learn how Microsoft’s approach to managing cybersecurity risks is consistent with the Cybersecurity Framework’s security and privacy guidance.

http://blogs.technet.com/b/security/archive/2014/02/04/threats-in-the-cloud-pa rt-1-dns-attacks.aspx

Threats in the Cloud

Get guidance on how to manage the risks associated with two of the primary threats to cloud service providers and their customers:
http://blogs.technet.com/b/security/archive/2014/02/04/threats-in-the-cloud-pa rt-1-dns-attacks.aspx

attacks on the global Domain Name System (DNS) infrastructure and
http://blogs.technet.com/b/security/archive/2014/02/06/threats-in-the-cloud-pa rt-2-distributed-denial-of-service-attacks.aspx

Distributed Denial of Service (DDoS) attacks in the blog series from
Microsoft Trustworthy Computing Director Tim Rains.

Security Guidance

http://technet.microsoft.com/library/hh831717.aspx
Dynamic Access Control with Windows Server 2012

Learn how you can apply data governance across your file servers to control
who can access information and to audit who has accessed information with step-by-step guidance on how to plan for and deploy:

-
http://technet.microsoft.com/library/hh831425.aspx
Central access policies

-
http://technet.microsoft.com/library/hh831476.aspx
File access auditing

-
http://technet.microsoft.com/library/hh831788.aspx
Access-denied assistance

-
http://technet.microsoft.com/library/hh831647.aspx
Classification-based encryption for Microsoft Office documents

-
http://technet.microsoft.com/library/hh831826.aspx
Retention policies for information on file servers

http://www.microsoft.com/download/details.aspx?id=27123
Microsoft Data Classification Toolkit

If your organization is running Windows Server 2012 or Windows Server 2008 R2 Service Pack 1, the Data Classification Toolkit can help you identify, classify, and protect the data on your file servers. The out-of-the-box classification and rule examples included in the toolkit can also help you build and deploy policies to protect critical information on the file servers in your environment.

http://technet.microsoft.com/library/hh831660.aspx
Plan for Automatic File Classification

File Classification Infrastructure in Windows Server 2012 provides insight
into your data by automating classification processes so that you can manage your data more effectively. Learn how to identify what information to classify in your environment, how to classify files, and how to export the
configuration from a baseline computer to your file servers. Step-by-step

http://technet.microsoft.com/library/hh831672.aspx
deployment guidance is also available.

http://technet.microsoft.com/library/jj592683.aspx?ocid=wc-nl-secnews BitLocker: Planning and Policies

BitLocker encrypts the hard drives on your computer to provide enhanced protection against data theft or exposure on computers and removable drives that are lost or stolen, and more secure data deletion when
BitLocker-protected computers are decommissioned. Find out how to plan for a successful deployment of BitLocker by determining the appropriate policies and configuration requirements for your organization then learn how to

http://technet.microsoft.com/windows/dn168171.aspx?ocid=wc-nl-secnews
deploy BitLocker using the Microsoft Deployment Toolkit (MDT) and Windows PowerShell .

This Month's Security Bulletins

February 2014 Security Bulletins

Critical

-MS14-007:2912390 https://technet.microsoft.com/en-us/security/bulletin/MS14-007

Vulnerability in Direct2D Could Allow Remote Code Execution

-MS14-008:2927022 https://technet.microsoft.com/en-us/security/bulletin/MS14-008

Vulnerability in Microsoft Forefront Protection for Exchange Could Allow
Remote Code Execution

-MS14-010:2909921 https://technet.microsoft.com/en-us/security/bulletin/MS14-010

Cumulative Security Update for Internet Explorer

-MS14-011:2928390 https://technet.microsoft.com/en-us/security/bulletin/MS14-011

Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution

Important

-MS14-005:2916036 https://technet.microsoft.com/en-us/security/bulletin/MS14-005

Vulnerability in Microsoft XML Core Services Could Allow Information
Disclosure

-MS14-006:2904659 https://technet.microsoft.com/en-us/security/bulletin/MS14-006

Vulnerability in IPv6 Could Allow Denial of Service

-MS14-009:2916607 https://technet.microsoft.com/en-us/security/bulletin/MS14-009

Vulnerabilities in .NET Framework Could Allow Elevation of Privilege

February 2014 Security Bulletin Resources:

- http://blogs.technet.com/b/msrc/archive/2014/02/11/safer-internet-day-2014-and- our-february-2014-security-updates.aspx

Microsoft Security Response Center (MSRC) Blog Post

-
http://www.youtube.com/watch?v=ygUn4rfvYx0
Security Bulletin Webcast

-
http://blogs.technet.com/b/msrc/p/february-2014-security-bulletin-q-a.aspx

Security Bulletin Webcast Q&A

Security Events and Training

http://www.microsoftvirtualacademy.com/training-courses/windows-server-2012-r2 -access-and-information-protection

Microsoft Virtual Academy: Windows Server 2012 R2 Access and Information Protection

In this course, you will learn how Windows Server 2012 R2 can help you provision, manage, and secure devices—and protect valuable data—while creating a seamless experience for the user. Looking for specific training on the Dynamic Access Control features in Windows Server 2012? Check out the
http://www.microsoftvirtualacademy.com/training-courses/windows-server-2012-id entity-and-access

Windows Server 2012: Identity and Access course.

http://www.microsoftvirtualacademy.com/training-courses/windows-azure-security -overview

Microsoft Virtual Academy: Windows Azure Security Overview

Familiarize yourself with the security mechanisms included with Windows Azure at the physical, network, host, application, and data layers, including the privacy, policies, infrastructure, and security mechanisms designed to protect customer data.

https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032572977 Microsoft Webcast: Information about the March 2014 Security Bulletin Release Wednesday, March 12, 2014 – 11:00AM Pacific Time

Join this webcast for a brief overview of the technical details of March’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.

https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032579476
Overview of Office 365 for Government
Wednesday, March 19, 2014 – 11:00AM Pacific Time

Learn how Office 365 can help government employees collaborate and stay productive from anywhere with secure, cloud-based versions of familiar applications. Explore Office 365 and learn how Microsoft’s Government Community Cloud can help you increase productivity and reduce costs while keeping your data secure and compliant.

https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032572978 Microsoft Webcast: Information about the April 2014 Security Bulletin Release Wednesday, April 9, 2014 – 11:00AM Pacific Time

Join this webcast for a brief overview of the technical details of April’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.

http://northamerica.msteched.com/
TechEd North America 2014
May 12-15, 2014 – Houston, Texas

In 2014, Microsoft is bringing together the best of TechEd and the Microsoft Management Summit (MMS) to help skilled technology professionals increase
their technical expertise, share best practices, and interaction with
Microsoft and a variety of industry experts and their peers. Explore the security aspects of data platforms and business intelligence, datacenter and infrastructure management, people-centric IT, Windows (devices and Windows Phone), and much more.

http://northamerica.msteched.com/Register
Register today .

Essential Tools

-
http://technet.microsoft.com/security/bulletin
Microsoft Security Bulletins

-
http://technet.microsoft.com/security/advisory
Microsoft Security Advisories

-
http://technet.microsoft.com/solutionaccelerators/cc835245.aspx
Security Compliance Manager

-
http://www.microsoft.com/security/sdl/adopt/starterkit.aspx
Microsoft Security Development Lifecycle Starter Kit

-
http://support.microsoft.com/kb/2458544
Enhanced Mitigation Experience Toolkit

-
http://www.microsoft.com/security/pc-security/malware-removal.aspx
Malicious Software Removal Tool

-
http://technet.microsoft.com/security/cc184924.aspx
Microsoft Baseline Security Analyzer

Security Centers

-
http://technet.microsoft.com/security
Security TechCenter

-
http://msdn.microsoft.com/security
Security Developer Center

-
http://www.microsoft.com/security/msrc/default.aspx
Microsoft Security Response Center

-
http://www.microsoft.com/security/portal/
Microsoft Malware Protection Center

-
http://www.microsoft.com/privacy
Microsoft Privacy

-
http://support.microsoft.com/select/default.aspx?target=hub&c1=10750 Microsoft Security Product Solution Centers

Additional Resources

-
http://www.microsoft.com/about/twc/en/us/blogs.aspx
Trustworthy Computing Security and Privacy Blogs

-
http://www.microsoft.com/security/sir
Microsoft Security Intelligence Report

-
http://www.microsoft.com/security/sdl
Microsoft Security Development Lifecycle

-
http://technet.microsoft.com/library/cc162838.aspx
Malware Response Guide

-
http://technet.microsoft.com/security/bb980617.aspx
Security Troubleshooting and Support Resources

-
http://www.microsoft-careers.com/go/Trustworthy-Computing-Jobs/194701/ Trustworthy Computing Careers

microsoft.com/about/twcTrustworthy Computing

This is a monthly newsletter for IT professionals and
developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.

(c) 2014 Microsoft Corporation
http://www.microsoft.com/About/Legal/EN/US/IntellectualProperty/Copyright/defa ult.aspx

Terms of Use |
http://www.microsoft.com/About/Legal/EN/US/IntellectualProperty/Trademarks/EN- US.aspx

Trademarks

Microsoft respects your privacy. To learn more please read our online http://go.microsoft.com/fwlink/?LinkId=248681
Privacy Statement .

If you would prefer to no longer receive this newsletter, please http://pages.email.microsoftemail.com/page.aspx?QS=38dfbe491fab00ea380afe73db21 804e1836ec2291e123ed&emailid=284943&memberid=10030559&jobid=2773070&listid=8857 87&listname=Subscription_10030559_1109&subscriberkey=lordtime@tds.net&emailaddr =lordtime@tds.net&subscriberid=328026660

click here .

To set your contact preferences for other Microsoft communications http://click.email.microsoftemail.com/m_hcp.aspx?qs=0bb7f39debca1b0ad10fb2e924b 6311d344a0079e5cc587f4d16330b7c3cc8e7aa3d48879950d85d33a47e9a9586dfefd285dcac31 618dc896fa9dd03bf8f9a531e6bdda8d87ba46d0d93f774eee8dbf1c9181f227623f9d

click here .

Microsoft Corporation

One Microsoft Way

Redmond, WA 98052 USA
---
■ Synchronet ■ Time Warp of the Future BBS - Home of League 10 IBBS Games

Web-based telnet client

Other Links
What is a BBS?
Doors installed on this BBS
Digital Distortion Doors & Tools
Door stats
Trivia scores
Message networks
Terminal software
Synchronet archiver setup
Ready.gov anti-terrorist guidelines as of 2003

Other services
Telnet
RLogin
IRC
Email & news access

Feel free to send me an email.

BBS UPS stats
Who's Online
Recent Visitors
- Wilmaxs
  Wed Aug 16 04:20:48 2023
  via HTTP
- Mariachilds
  Fri Aug 11 02:57:26 2023
  from United states via HTTP
- detibi8403
  Sat Aug 5 04:44:08 2023
  via HTTP
- cepefoh251
  Wed Aug 2 01:21:39 2023
  via HTTP

System Info

Sysop:	Eric Oulashin
Location:	Beaverton, Oregon, USA
Users:	90
Nodes:	16 (0 / 16)
Uptime:	01:17:39
Calls:	4,907
Calls today:	1
Files:	8,491
Messages:	351,021

Microsoft Security Newsletter - February 2014

Who's Online

Recent Visitors

System Info