July 2011 – Technology Rollup Mail – Security

News Consumerization of IT and Sophistication of AttacksWhen employees take their laptops home, do they pose a risk to your network when they bring them back? What kinds of exploits should you watch out for? In this webcast, you can explore how cybercriminals use marketing-like tactics to lure their victims, learn about the potential impact to your organization, and get guidance on how to stay protected. https://technet.microsoft.com/en-us/edge/consumerization-of-it-and-sophistication-of-attacks.aspx Social Engineering Threat Trends in 2010Interested in learning how social networking has affected the way cybercriminals work? According to Microsoft's Security Intelligence Report, Volume 10, social networking has become one of the most common ways attackers lure their victims. Watch this short video to learn more about the emerging social engineering threats and get guidance on how you can protect yourself. https://www.youtube.com/watch?v=ZbgLZSP7Nbk Rogue Security Software: "Scamming for Money" Rogue security software, sometimes referred to as scareware, is software that appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure users into participating in fraudulent transactions. In 2010, Microsoft cleaned almost 19 million infected systems with rogue security software. This video discusses the latest Rogue Security Software findings from the Microsoft Security Intelligence Report Volume 10 and provides recommendations to help you prevent rogues. https://www.microsoft.com/security/sir/videos/default.aspx#!video_1_3 Microsoft Security Bulletin Summary for June, 2011 https://www.microsoft.com/technet/security/bulletin/ms11-jun.mspx Security Bulletin Overview for June 2011 Microsoft Security Response Center (MSRC) Blog Post https://go.microsoft.com/?linkid=9683067 Windows Media Video (WMV) https://go.microsoft.com/?linkid=9683068 Windows Media Audio (WMA) https://go.microsoft.com/?linkid=9683069 iPod Video (MP4) https://go.microsoft.com/?linkid=9683070 MP3 Audio https://go.microsoft.com/?linkid=9683071 High Quality WMV (2.5 Mbps) https://go.microsoft.com/?linkid=9683072 Zune Video (WMV) https://go.microsoft.com/?linkid=9683073 Microsoft Product Lifecycle Information Find information about your particular products on the Microsoft Product Lifecycle Web site https://go.microsoft.com/?linkid=9669804 See a List of Supported Service Packs https://go.microsoft.com/?linkid=9669805 Microsoft provides free software updates for security and nonsecurity issues for all supported service packs. Follow the Microsoft Security Response team on Twitter https://go.microsoft.com/?linkid=9739346 @MSFTSecResponse for the latest information on the threat landscape. Documents Security Tip of the Month: Prioritizing Microsoft Security Update Deployment Using Severity Ratings and the Updated Exploitability Index Microsoft has established a predictable process for releasing security updates on the second Tuesday of each month. Each security update carries two pieces of information that help with the prioritization process: the severity rating and the Exploitability Index. Explore each of these items in detail and learn how, taken separately, each gives an indication of the risk of a vulnerability being exploited while, taken together, both can add a new dimension of information that can help with prioritization decisions. Microsoft Security Update Guide, Second Edition Get in-depth information and tools that can help you protect your IT infrastructure while creating a safer, more secure computing and Internet environment. This guide is designed to help you better understand and maximize Microsoft security update release information, processes, communications, and tools. How to Remove the Trojan Win32/FakePav Watch a short demonstration of how Win32/FakePav infects an unprotected computer, and find out how to remove the trojan. Behind the Curtain of Second Tuesdays: Challenges in Software Security Response This presentation discloses some of the challenges seen by the MSRC in addressing modern vulnerabilities. As SDL weeded out the simple buffer overflow, vulnerabilities have become more complex in nature and thus more challenging to address. The goal is to provide insight into Microsoft's techniques and processes in responding to these challenges and to provide lessons learned to other organizations in similar situations. Microsoft Security Compliance Manager Download this free tool offering centralized security baseline management features, a baseline portfolio, customization capabilities, and security baseline export flexibility to accelerate your organization's ability to efficiently manage the security and compliance process for the most widely used Microsoft technologies. Security Compliance as an Engineering Discipline As a result of requirements like the Payment Card Industry Data Security Standard (PCI-DSS), some organizations are building comprehensive application security programs for the first time. Learn how to harmonize compliance-focused programs with security engineering by integrating secure engineering practices into the entire software lifecycle with the Microsoft Security Development Lifecycle (SDL). Downloads Microsoft Security Development Lifecycle (SDL) - Version 5.1 Microsoft Security Development Lifecycle (SDL) Process Guidance - Version 5.1 https://www.microsoft.com/downloads/en/details.aspx?FamilyID=e5ff2f9d-7e72-485a-9ec0-5d6d076a8807 June 2011 Security Release ISO Image This DVD5 ISO image file contains the security updates for Windows released on Windows Update on June 14, 2011. The image does not contain security updates for other Microsoft products. This DVD5 ISO image is intended for administrators that need to download multiple individual language versions of each security update and that do not use an automated solution such as Windows Server Update Services (WSUS). You can use this ISO image to download multiple updates in all languages at the same time. Important: Be sure to check the individual security bulletins at https://www.microsoft.com/technet/ security prior to deployment of these updates to ensure that the files have not been updated at a later date. This DVD5 image contains the following updates: KB2544893 / (MS11-037) Windows XP Windows XP x64 Edition Windows Server 2003 Windows Server 2003 x64 Edition Windows Server 2003 for Itanium-based Systems Windows Vista Windows Vista for x64-based Systems Windows Server 2008 Windows Server 2008 x64 Edition Windows Server 2008 for Itanium-based Systems Windows Server 2008 R2 x64 Edition Windows Server 2008 R2 for Itanium-based Systems Windows 7 Windows 7 for x64-based Systems Windows Embedded Standard 7 Windows Embedded Standard 7 for x64-based Systems KB2476490 / (MS11-038) Windows XP Windows XP x64 Edition Windows Server 2003 Windows Server 2003 x64 Edition Windows Server 2003 for Itanium-based Systems Windows Vista Windows Vista for x64-based Systems Windows Server 2008 Windows Server 2008 x64 Edition Windows Server 2008 for Itanium-based Systems Windows Server 2008 R2 x64 Edition Windows Server 2008 R2 for Itanium-based Systems Windows 7 Windows 7 for x64-based Systems Windows Embedded Standard 7 Windows Embedded Standard 7 for x64-based Systems KB2478656 / (MS11-039) KB2478657 / (MS11-039) Windows Server 2008 Windows Server 2008 x64 Edition Windows Server 2008 for Itanium-based Systems KB2478658 / (MS11-039) KB2478659 / (MS11-039) Windows Server 2008 Windows Server 2008 x64 Edition Windows Server 2008 for Itanium-based Systems KB2478660 / (MS11-039) Windows Server 2008 Windows Server 2008 x64 Edition Windows Server 2008 for Itanium-based Systems KB2478661 / (MS11-039) Windows Server 2008 R2 for Itanium-based Systems Windows 7 Windows 7 for x64-based Systems KB2478662 / (MS11-039) Windows Server 2008 R2 for Itanium-based Systems Windows 7 Windows 7 for x64-based Systems KB2478663 / (MS11-039) KB2525694 / (MS11-041) Windows XP x64 Edition Windows Server 2003 x64 Edition Windows Server 2003 for Itanium-based Systems Windows Vista for x64-based Systems Windows Server 2008 x64 Edition Windows Server 2008 for Itanium-based Systems Windows Server 2008 R2 x64 Edition Windows Server 2008 R2 for Itanium-based Systems Windows 7 for x64-based Systems Windows Embedded Standard 7 for x64-based Systems KB2535512 / (MS11-042) Windows XP Windows XP x64 Edition Windows Server 2003 Windows Server 2003 x64 Edition Windows Server 2003 for Itanium-based Systems Windows Vista Windows Vista for x64-based Systems Windows Server 2008 Windows Server 2008 x64 Edition Windows Server 2008 for Itanium-based Systems Windows Server 2008 R2 x64 Edition Windows Server 2008 R2 for Itanium-based Systems Windows 7 Windows 7 for x64-based Systems Windows Embedded Standard 7 Windows Embedded Standard 7 for x64-based Systems KB2536276 / (MS11-043) Windows XP Windows XP x64 Edition Windows Server 2003 Windows Server 2003 x64 Edition Windows Server 2003 for Itanium-based Systems Windows Vista Windows Vista for x64-based Systems Windows Server 2008 Windows Server 2008 x64 Edition Windows Server 2008 for Itanium-based Systems Windows Server 2008 R2 x64 Edition Windows Server 2008 R2 for Itanium-based Systems Windows 7 Windows 7 for x64-based Systems Windows Embedded Standard 7 Windows Embedded Standard 7 for x64-based Systems KB2518863 / (MS11-044) Windows Server 2008 Windows Server 2008 x64 Edition Windows Server 2008 for Itanium-based Systems KB2518865 / (MS11-044) Windows Server 2008 Windows Server 2008 x64 Edition Windows Server 2008 for Itanium-based Systems KB2518866 / (MS11-044) Windows Server 2008 Windows Server 2008 x64 Edition Windows Server 2008 for Itanium-based Systems KB2518867 / (MS11-044) Windows Server 2008 R2 for Itanium-based Systems Windows 7 Windows 7 for x64-based Systems KB2518869 / (MS11-044) Windows Server 2008 R2 for Itanium-based Systems Windows 7 Windows 7 for x64-based Systems KB2503665 / (MS11-046) Windows XP Windows XP x64 Edition Windows Server 2003 Windows Server 2003 x64 Edition Windows Server 2003 for Itanium-based Systems Windows Vista Windows Vista for x64-based Systems Windows Server 2008 Windows Server 2008 x64 Edition Windows Server 2008 for Itanium-based Systems Windows Server 2008 R2 x64 Edition Windows Server 2008 R2 for Itanium-based Systems Windows 7 Windows 7 for x64-based Systems Windows Embedded Standard 7 Windows Embedded Standard 7 for x64-based Systems KB2525835 / (MS11-047) Windows Server 2008 x64 Edition Windows Server 2008 R2 x64 Edition KB2536275 / (MS11-048) Windows Vista Windows Vista for x64-based Systems Windows Server 2008 Windows Server 2008 x64 Edition Windows Server 2008 for Itanium-based Systems Windows Server 2008 R2 x64 Edition Windows Server 2008 R2 for Itanium-based Systems Windows 7 Windows 7 for x64-based Systems Windows Embedded Standard 7 Windows Embedded Standard 7 for x64-based Systems KB2530548 / (MS11-050) Windows XP Windows XP x64 Edition Windows Server 2003 Windows Server 2003 x64 Edition Windows Server 2003 for Itanium-based Systems Windows Vista Windows Vista for x64-based Systems Windows Server 2008 Windows Server 2008 x64 Edition Windows Server 2008 for Itanium-based Systems Windows Server 2008 R2 x64 Edition Windows Server 2008 R2 for Itanium-based Systems Windows 7 Windows 7 for x64-based Systems Windows Embedded Standard 7 Windows Embedded Standard 7 for x64-based Systems KB2518295 / (MS11-051) Windows Server 2003 Windows Server 2003 x64 Edition Windows Server 2008 Windows Server 2008 x64 Edition Windows Server 2008 R2 x64 Edition KB2544521 / (MS11-052) https://www.microsoft.com/download/en/details.aspx?id=26329 Events/WebCasts Security Webcast Calendar https://go.microsoft.com/fwlink/?LinkId=37910 Find security webcasts listed in an easy-to-use calendar format. Upcoming Security Webcasts https://www.microsoft.com/events/security/upcoming.mspx Register for the following Webcasts on the link above TechNet Webcast: Information about Microsoft Security Bulletins for July (Level 200) Wednesday, July 13, 2011 11:00 A.M.-12:00 P.M. Pacific Time