What's New on TechNet

Announcements

• (US/Global English)
  

   

  Watch a Video on Microsoft Certification 101
  In this interview David Elfassy, who works on certification with Microsoft Learning, discusses the importance of getting certification in these challenging economic times, which certifications to pick, and provides recommendations on getting started with prepping for the exam.
  Monday, Jun 29

  Start Using the Security Development Lifecycle Automatically: Download the SDL Process Template for VSTS
  The SDL Process Template for Visual Studio Team System automatically integrates the SDL into a familiar development environment,  Visual Studio Team Systems 2008, and enables you to discover security issues early in your development lifecycle, reducing the total cost of development.
  Monday, Jun 29

  IT Manager Webcast: Platform Solution Blueprints - Application Life-Cycle Management (ALM)
  Application Life-Cycle Management (ALM) is a practice that helps businesses synchronize business goals and IT investment priorities. This webcast shows you how the Microsoft platform can build success into your solutions.
  Monday, Jun 29

  Watch a Video on Windows XP Migration to Windows 7 RC using MDT 2010 Beta 1, Part 2: How To Build It
  In part 2 of this series Jeremy Chapman, Senior Product Manager of the Windows 7 deployment team, shows how he built out the migration environment using the Microsoft Deployment Toolkit 2010 Beta 1.
  Wednesday, Jun 24

  TechNet Virtual Lab: Using IIS 7.0 Media Features in a PHP Application
  Deliver media over the Web with IIS 7.0, play a video using the embedded Windows Media Player control.
  Wednesday, Jun 24

  ---

   

Highlights

From TechNet Magazine   This RSS Feed has moved. Please update your RSS Feed Reader(s) The RSS Feeds for TechNet Magazine have moved. Please visit our new Wednesday, Apr 2 by TechNet Magazine Webmaster

Security Highlights

From the TechNet Security Center Microsoft security bulletins for January 2008 Download the security bulletins released on January 8, 2008. Tuesday, Jan 8 January 2008 security bulletin webcast Register for this webcast to learn more about the January 2008 security bulletins. Tuesday, Jan 8

Security Notifications

A Comprehensive List of Recent Bulletins, Advisories and Alerts Microsoft Security Bulletin Advance Notification for July 2009 Revision Note: Advance Notification published.Summary: This advance notification lists security bulletins to be released for July 2009. Thursday, Jul 9 Microsoft Security Advisory (972890): Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution Revision Note: Advisory published.Summary: Microsoft is investigating a privately reported vulnerability in Microsoft Video ActiveX Control. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention. Monday, Jul 6 MS03-011 - Version:2.0 Severity Rating: Critical - Revision Note: V2.0 (July 1, 2009): Removed download information because Microsoft Java Virtual Machine is no longer available for distribution from Microsoft. For more information, see Patch availability.Summary: Flaw in Microsoft VM Could Enable System Compromise (816093) Wednesday, Jul 1 MS02-069 - Version:2.0 Severity Rating: Critical - Revision Note: V2.0 (July 1, 2009): Removed download information because Microsoft Java Virtual Machine is no longer available for distribution from Microsoft. For more information, see Patch availability.Summary: Flaw in Microsoft VM Could Enable System Compromise (810030) Wednesday, Jul 1 MS02-052 - Version:2.0 Severity Rating: Critical - Revision Note: V2.0 (July 1, 2009): Removed download information because Microsoft Java Virtual Machine is no longer available for distribution from Microsoft. For more information, see Patch availability.Summary: Flaw in Microsoft VM JDBC Classes Could Allow Code Execution (Q329077) Wednesday, Jul 1 MS02-013 - Version:3.0 Severity Rating: Critical - Revision Note: V3.0 (July 1, 2009): Removed download information because Microsoft Java Virtual Machine is no longer available for distribution from Microsoft. For more information, see Patch availability.Summary: 04 March 2002 Cumulative VM Update Wednesday, Jul 1 MS09-022 - Critical: Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501) - Version:1.1 Severity Rating: Critical - Revision Note: V1.1 (June 17, 2009): Added "Disable the Print Spooler service" as workaround for CVE-2009-0230.Summary: This security update resolves three privately reported vulnerabilities in Windows Print Spooler. The most severe vulnerability could allow remote code execution if an affected server received a specially crafted RPC request. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. Wednesday, Jun 17 MS09-021 - Critical: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462) - Version:1.1 Severity Rating: Critical - Revision Note: V1.1 (June 17, 2009): Added a link to Microsoft Knowledge Base Article 969462 under Known Issues in the Executive Summary.Summary: This security update resolves several privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Wednesday, Jun 17 MS09-020 - Important: Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483) - Version:1.1 Severity Rating: Important - Revision Note: V1.1 (June 17, 2009): Expanded on the "What causes the vulnerability?" FAQ entries for CVE-2009-1122 and CVE-2009-1535. This is an informational change only.Summary: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Internet Information Services (IIS). The vulnerabilities could allow elevation of privilege if an attacker sent a specially crafted HTTP request to a Web site that requires authentication. These vulnerabilities allow an attacker to bypass the IIS configuration that specifies which type of authentication is allowed, but not the file system-based access control list (ACL) check that verifies whether a file is accessible by a given user. Successful exploitation of these vulnerabilities would still restrict the attacker to the permissions granted to the anonymous user account by the file system ACLs. Wednesday, Jun 17

Community Resources

Blogs, forums, chats and other resources for and by the TechNet community of IT experts.