The Microsoft Malware Protection Center (MMPC) provides world class antimalware research and response capabilities that support Microsoft’s range of security products and services.
With laboratories in multiple locations around the globe the MMPC is able to respond quickly and effectively to new malicious and potentially unwanted software threats wherever and whenever they arise.
Check out the new MMPC portal at:
https://www.microsoft.com/security/portal/default....nin1.0
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
LAS VEGAS — July 27, 2009 — Today at the Black Hat USA 2009 conference, Microsoft Corp. unveiled the progress of its information-sharing programs, providing insight into the positive impact the growing trend of community-based defense is having on the broader security ecosystem.
In addition, in an effort to help improve customers’ risk analysis and security update management processes, the company introduced new tools and guidance designed to help security professionals around the world better manage online threats.
For more information about Microsoft at Black Hat Las Vegas this year, check out:
http://www.microsoft.com/presspass/press/2009/jul0...R.mspx
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
Today Microsoft released Security Advisory 973882 and with it, two out-of-band security bulletins. These updates are MS09-034 (an Internet Explorer update) and MS09-035 (a Visual Studio update).
At this time for customers who have applied MS09-032 we are not aware of any “in the wild” exploits that leverage the vulnerabilities documented in 973882 and MS09-035.
However, MS09-034 and MS09-035 work together to build further defenses against the known vulnerabilities in ATL.
For more information about this out of band release, check out:
http://blogs.technet.com/srd/archive/2009/07/28/ov...e.aspx
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
Nice article on issues of defining identity, authentication and stakeholders in identity management and integrity.
Check it out at:
http://technet.microsoft.com/en-us/magazine/2009.0...h.aspx
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
The guys on the Forefront Server Security support team call out some changes you might be interested in regarding the Spamhaus RBL.
I use the Spamhaus zen list myself and have been very happy with it. However, if you want to narrow your focus and use the sbl, xbl or pbl options, Spamhaus gives you the options to do this.
Check out this blog post on the Forefront Server Security Support Blog over at:
http://blogs.technet.com/fssnerds/archive/2009/07/...e.aspx
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516)
This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Important for Microsoft Office Publisher 2007 Service Pack 1. For more information, see the subsection, Affected and Non-Affected Software, in this section.
This update addresses the vulnerability by modifying the way that Microsoft Office Publisher opens Publisher files. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
Recommendation. Microsoft recommends that customers apply the update at the earliest opportunity.
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
This security update resolves a privately reported vulnerability in Microsoft Virtual PC and Microsoft Virtual Server. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected guest operating system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This security update is rated Important for all supported editions of Virtual PC 2004, Virtual PC 2007, and Virtual Server 2005. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses the vulnerability by enforcing validation of privilege levels when executing machine instructions. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
Recommendation. Microsoft recommends that customers apply the update at the earliest opportunity.
Check out:
http://www.microsoft.com/technet/security/Bulletin...3.mspx
for more information.
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
As the world grows more connected, demand is increasing for easy, secure ways to collaborate across companies and over the Internet using familiar tools and applications.
In this session learn how to use Microsoft “Geneva” and the claims-based identity model to enable single sign-on, strong authentication, federation, and the ability to flow user identity between applications, and how to collaborate across boundaries using Office, SharePoint, “Geneva” federation server, and AD Rights Management Services.
Learn about “Geneva” over at:
http://www.microsoft.com/events/series/forefront.a...d=6493
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
Done implementing Microsoft Office SharePoint Server or Microsoft Exchange Server? There’s more you can do! Spend an hour walking through the Identity and Security products and solutions that help make deployments more secure.
They’ll spend time discussing Microsoft Forefront Security, the Intelligent Application Gateway, Internet Security and Acceleration Server, Rights Management Services and Identity Lifecycle Manager.
Join Uri Lichtenfeld in this Webcast and find out how IAG can shore up your frontline defenses, at the edge.
Check it out at:
http://msevents.microsoft.com/cui/WebCastEventDeta...ode=US
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
In this webcast, the focus is on how Microsoft security and security management in a platform solution opens your business to new opportunities.
If improving security is critical, but you believe security is tied to overwhelming administrative costs or have other security concerns, then join us for this webcast and experience security as a business enabler.
Check it out over at:
http://www.microsoft.com/events/podcasts/default.a...;topic
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
The Microsoft Malware Protection Center (MMPC) provides world class antimalware research and response capabilities that support Microsoft’s range of security products and services.
