Skip to main content

Trustworthy Computing

Microsoft Security Newsletter

Stay up to date with security insights, resources, best practices, and events for IT professionals and developers. Browse past newsletters or subscribe to get the latest news delivered to your inbox.



Welcome to August’s Security Newsletter!

This month’s newsletter focuses on the importance of security and compliance for productivity solutions in enterprise environments. With increased regulations, the consumerization of IT, the rapid adoption of Bring Your Own Device (BYOD) scenarios, the explosion of data collected by organizations, and new collaboration scenarios, enterprises of all sizes are faced with a growing need to protect sensitive information. At the same time, enterprises have a need to securely share that same information amongst appropriate employees and other individuals within and outside the corporate network. When you need visibility into what’s happening or the ability to take action on your data, choosing the right application can offer immediate and immense benefits. Microsoft Office 365 provides those tools, and much more. Office 365 provides secure anywhere access to professional e-mail, shared calendars, instant messaging (IM), video conferencing, and document collaboration.

You can learn more about the security technology and compliance practices that support enterprise-grade security in Office 365 by downloading the " Security in Office 365" white paper. If you are looking for more information beyond service-level security, I encourage you to also download " Security and Compliance: Customer Controls for Information Protection in Office 365," which describes the security and compliance controls that Office 365 provides in the product, and to visit the Office 365 Trust Center.

Please read on for additional resources to help you better secure productivity solutions such as Office 365, SharePoint Online, Exchange Server 2013, and Lync Server 2013.

Tim Rains Best regards,
Tim Rains, Director
Microsoft Trustworthy Computing

Have feedback on how we can improve this newsletter? Email us at secnlfb@microsoft.comand share your ideas.

Top Stories

What Will Cybersecurity Look Like in 2025?
Cybersecurity challenges are emerging not only from the commonly recognized sources – criminals, malware, or even targeted cyber-attacks – they can also grow from public policies as well. Delve into Microsoft’s recent research report, " Cyberspace 2025: Today’s Decisions, Tomorrow’s Terrain," with this three-part Microsoft Security Blog series:

Part 1: The catalysts that will shape the future
Part 2: Microsoft envisions an optimistic future
Part 3: How Microsoft is shaping the future of cybersecurity

The Fall of Rogue Antivirus Software Brings New Methods to Light
Rogue antivirus software has been a part of the malware ecosystem for many years, but we are now seeing a dropping trend in the telemetry for some of the once most-prevalent rogue families. Learn more about this trend.

Internet Explorer Begins Blocking Out-of-Date ActiveX Controls
Starting September 9, 2014, Internet Explorer will block out-of-date ActiveX controls with a new security feature, called out-of-date ActiveX control blocking that lets you know when Internet Explorer prevents a webpage from loading common, but outdated, ActiveX controls; inventory the ActiveX controls your organization is using; and update the outdated control, so that it’s up-to-date and safer to use.

Security Guidance
Security Tip of the Month: Create and Apply Information Management Policies in SharePoint Online
Information management policies enable organizations to control and track things like how long content is retained or what actions users can take with that content. Learn how to create a policy to use on multiple content types within a site collection, create a policy for a site content type, and create a policy for a list or library.

Identify Sensitive Data Stored on SharePoint Online Sites
Data loss prevention (DLP) in SharePoint Online provides you with a way to identify that data, so you can work with document owners to reduce the risk posed to your organization. Learn how to use this feature to search for sensitive information types such as driver’s license numbers, routing numbers, and the like.

Encryption in Office 365
Office 365 Message Encryption is an online service that’s built on Microsoft Azure Rights Management. Explore the encryption process then find step-by-step guidance on how to set up Microsoft Azure Rights Management, define rules to encrypt or decrypt email messages, add branding to encrypted messages, and send, view, or reply to encrypted messages.

Office 365: Advanced Privacy Options for Administrators
Office 365 Midsize Business, Office 365 Enterprise, Office 365 Education, and Office 365 Government offer extensive data protection settings and capabilities. As an administrator, you can control how your organization’s data is shared externally, between users, and how it is used within the service. This document provides a straightforward guide to configuring various privacy settings found in the Office 365 admin center.

Manage Transport Rules in Exchange 2013
Using transport rules, you can look for specific conditions in messages that pass through your organization and take action on them. Transport rules let you apply messaging policies to email messages, secure messages, protect messaging systems, and prevent information leakage. Find out how to create, copy, adjust the order, enable or disable, delete, or import or export rules, and how to monitor rule usage.

Guide to Office 2013 Security
Use this roadmap to quickly locate information on the security features in Office 2013 as well as guidance on how to configure security using Group Policy and the Office Customization Tool, protect Office file integrity, and guard against external threats.

Planning for Security in Lync Server 2013
Find out how to address security during your Lync Server deployment. This short topic provides general guidelines and best practices for assessing and managing the most common security risks.

Community Update
Office 365 and ADFS…Active Directory Federation Service Installation
Active Directory Federation Services (AD FS) provide your Active Directory users, who are logged on to computers located physically on the corporate network or who are logged on remotely to the corporate network, with single sign-on access to Office 365 services using their corporate domain credentials. Get an overview of ADFS architecture plus a step-by-step guide to installation.

Office 365 and Active Directory Synchronization
Learn how to integrate Office 365 with Active Directory without the help of AD FS.

This Month's Security Bulletins

August 2014 Security Bulletins


MS14-043:2978742 Vulnerability in Windows Media Center Could Allow Remote Code Execution
MS14-051:2976627 Cumulative Security Update for Internet Explorer


MS14-044:2984340 Vulnerabilities in SQL Server Could Allow Elevation of Privilege
MS14-045:2984615 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege
MS14-046:2984625 Vulnerability in .NET Framework Could Allow Security Feature Bypass
MS14-047:2978668 Vulnerability in LRPC Could Allow Security Feature Bypass
MS14-048:2977201 Vulnerability in OneNote Could Allow Remote Code Execution
MS14-049:2962490 Vulnerability in Windows Installer Service Could Allow Elevation of Privilege
MS14-050:2977202 Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege

August 2014 Security Bulletin Resources:

August 2014 Bulletin Release Blog Post "August 2014 Security Updates"
August 2014 Security Bulletin Webcast
August 2014 Security Bulletin Webcast Q&A
Malicious Software Removal Tool: August 2014 Update

Security Events and Training
Microsoft Virtual Academy (MVA): Managing Office 365 Identities and Services
If you are evaluating, planning for, deploying, and operating Office 365 services, including its identities, dependencies, requirements, and supporting technologies, check out this course from Microsoft Virtual Academy. This 12-module course focuses on the skills required to set up an Office 365 tenant, including federation with existing user identities, and skills required to sustain an Office 365 tenant and users.

MVA Office Guides: Identity Management with Office 365
Learn how to synchronize your on-premises and cloud-based organizations using Active Directory synchronization, and prepare your organization to install and configure Active Directory Federation Services. You’ll also see how to enable single sign-on access in your organization using Active Directory Federation Services and how to add a custom domain to Office 365 and then convert it to a federated domain.

MVA Office Guides: Configuring Exchange Protection and Control
Explore some of the data loss prevention features and options that make it easier to protect sensitive data in the new Exchange and see how data loss prevention features enhance protection of information commonly sent in email, including financial and personal data.

MVA: Securing Lync Deployments
This course explores common security questions and explains how IIS ARR (Application Request Routing) and the addition of Two-Factor Authentication can be used to meet your needs for stronger authentication.


Essential Tools

Microsoft Security Bulletins
Microsoft Security Advisories
Security Compliance Manager
Microsoft Security Development Lifecycle Starter Kit
Enhanced Mitigation Experience Toolkit
Malicious Software Removal Tool
Microsoft Baseline Security Analyzer

Security Centers

Security TechCenter
Security Developer Center
Microsoft Security Response Center
Microsoft Malware Protection Center
Microsoft Privacy
Microsoft Security Product Solution Centers

Additional Resources

Trustworthy Computing Security and Privacy Blogs
Microsoft Security Intelligence Report
Microsoft Security Development Lifecycle
Malware Response Guide
Security Troubleshooting and Support Resources
Trustworthy Computing Careers Computing 
 This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.

© 2014 Microsoft Corporation Terms of Use | Trademarks

Microsoft respects your privacy. To learn more please read our online Privacy Statement.

If you would prefer not to receive the Microsoft Security Newsletter from Microsoft and its family of companies please click here. These settings will not affect any other newsletters you’ve requested or any mandatory service communications that are considered part of certain Microsoft services.

To set your contact preferences for other Microsoft communications click here.