Skip to main content

Trustworthy Computing

Microsoft Security Newsletter

Stay up to date with security insights, resources, best practices, and events for IT professionals and developers. Browse past newsletters or subscribe to get the latest news delivered to your inbox.



Welcome to February’s Security Newsletter!

The theme for our newsletter this month focuses in on the importance of data classification in helping to manage risk for sensitive data. With the proliferation of devices on the market today, many IT professionals I talk with struggle with how to manage sensitive data on end point devices. For some, data classification has already become a part of their culture and plays a role in managing their organization’s data. For others though, this is either a new concept or one that organizations struggle to implement.

Given the importance and relevance of this topic in today’s environment, we have published two papers that are recommended reading for any IT professional seeking to learn more about data classification and how it can help organizations better manage risk:

" Data Classification for Cloud Readiness" outlines the risks and issues that can be mitigated to ensure a smoother transition to a cloud service. The paper also discusses technologies such as encryption, rights management, and data loss prevention solutions and how their implementation has evolved in the cloud era. The paper’s appendix then identifies some of today’s top data classification regulations and compliance requirements.
" CISO Perspectives on Data Classification" provides insight from the chief information security officers (CISOs) of three organizations about key data classification issues and challenges, and how they have implemented data classification.

In addition to these materials, I would also suggest checking out the video from our Cloud Fundamentals Video Series titled " All Data is not Created Equal." If your organization has implemented a data classification process and believe others could benefit from your experiences, we want to hear from you. Please connect with us either through email or via Twitter @MSFTSecurity.

Tim Rains Best regards,
Tim Rains, Director
Microsoft Trustworthy Computing

Have feedback on how we can improve this newsletter? Email us at secnlfb@microsoft.comand share your ideas.


Top Stories
Now Available: EMET 5.0 Technical Preview
Microsoft has released a new version of its Enhanced Mitigation Experience Toolkit (EMET), the EMET 5.0 Technical Preview. The new version offers new protections for enterprises that build on the 12 security mitigations included in version 4.1, for example, a new Attack Surface Reduction security mitigation and further refinements to Export Address Table Access Filtering (EAF). Learn how you can use the EMET 5.0 Technical Preview today to protect your software applications and better test and deploy security updates for applications that you run in your environment.

The NIST Cybersecurity Framework: A Significant Milestone towards Critical Infrastructure Resiliency
Developed over the past year through collaboration between industry and government, the National Institute of Standards and Technology (NIST) Cybersecurity Framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. Explore Microsoft’s involvement in the development of the framework, and learn how Microsoft’s approach to managing cybersecurity risks is consistent with the Cybersecurity Framework’s security and privacy guidance.

Threats in the Cloud
Get guidance on how to manage the risks associated with two of the primary threats to cloud service providers and their customers: attacks on the global Domain Name System (DNS) infrastructure and Distributed Denial of Service (DDoS) attacks in the blog series from Microsoft Trustworthy Computing Director Tim Rains.


Security Guidance

Dynamic Access Control with Windows Server 2012
Learn how you can apply data governance across your file servers to control who can access information and to audit who has accessed information with step-by-step guidance on how to plan for and deploy:

Central access policies
File access auditing
Access-denied assistance
Classification-based encryption for Microsoft Office documents
Retention policies for information on file servers

Microsoft Data Classification Toolkit
If your organization is running Windows Server 2012 or Windows Server 2008 R2 Service Pack 1, the Data Classification Toolkit can help you identify, classify, and protect the data on your file servers. The out-of-the-box classification and rule examples included in the toolkit can also help you build and deploy policies to protect critical information on the file servers in your environment.

Plan for Automatic File Classification
File Classification Infrastructure in Windows Server 2012 provides insight into your data by automating classification processes so that you can manage your data more effectively. Learn how to identify what information to classify in your environment, how to classify files, and how to export the configuration from a baseline computer to your file servers. Step-by-step deployment guidance is also available.

BitLocker: Planning and Policies
BitLocker encrypts the hard drives on your computer to provide enhanced protection against data theft or exposure on computers and removable drives that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned. Find out how to plan for a successful deployment of BitLocker by determining the appropriate policies and configuration requirements for your organization then learn how to deploy BitLocker using the Microsoft Deployment Toolkit (MDT) and Windows PowerShell.


This Month's Security Bulletins

February 2014 Security Bulletins


MS14-007:2912390 Vulnerability in Direct2D Could Allow Remote Code Execution
MS14-008:2927022 Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution
MS14-010:2909921 Cumulative Security Update for Internet Explorer
MS14-011:2928390 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution


MS14-005:2916036 Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure
MS14-006:2904659 Vulnerability in IPv6 Could Allow Denial of Service
MS14-009:2916607 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege

February 2014 Security Bulletin Resources:

Microsoft Security Response Center (MSRC) Blog Post
Security Bulletin Webcast
Security Bulletin Webcast Q&A

Security Events and Training
Microsoft Virtual Academy: Windows Server 2012 R2 Access and Information Protection
In this course, you will learn how Windows Server 2012 R2 can help you provision, manage, and secure devices—and protect valuable data—while creating a seamless experience for the user. Looking for specific training on the Dynamic Access Control features in Windows Server 2012? Check out the Windows Server 2012: Identity and Access course.

Microsoft Virtual Academy: Windows Azure Security Overview
Familiarize yourself with the security mechanisms included with Windows Azure at the physical, network, host, application, and data layers, including the privacy, policies, infrastructure, and security mechanisms designed to protect customer data.

Microsoft Webcast: Information about the March 2014 Security Bulletin Release
Wednesday, March 12, 2014 – 11:00AM Pacific Time
Join this webcast for a brief overview of the technical details of March’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.

Overview of Office 365 for Government
Wednesday, March 19, 2014 – 11:00AM Pacific Time
Learn how Office 365 can help government employees collaborate and stay productive from anywhere with secure, cloud-based versions of familiar applications. Explore Office 365 and learn how Microsoft’s Government Community Cloud can help you increase productivity and reduce costs while keeping your data secure and compliant.

Microsoft Webcast: Information about the April 2014 Security Bulletin Release
Wednesday, April 9, 2014 – 11:00AM Pacific Time
Join this webcast for a brief overview of the technical details of April’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.

TechEd North America 2014
May 12-15, 2014 – Houston, Texas
In 2014, Microsoft is bringing together the best of TechEd and the Microsoft Management Summit (MMS) to help skilled technology professionals increase their technical expertise, share best practices, and interaction with Microsoft and a variety of industry experts and their peers. Explore the security aspects of data platforms and business intelligence, datacenter and infrastructure management, people-centric IT, Windows (devices and Windows Phone), and much more. Register today.


Essential Tools

Microsoft Security Bulletins
Microsoft Security Advisories
Security Compliance Manager
Microsoft Security Development Lifecycle Starter Kit
Enhanced Mitigation Experience Toolkit
Malicious Software Removal Tool
Microsoft Baseline Security Analyzer

Security Centers

Security TechCenter
Security Developer Center
Microsoft Security Response Center
Microsoft Malware Protection Center
Microsoft Privacy
Microsoft Security Product Solution Centers

Additional Resources

Trustworthy Computing Security and Privacy Blogs
Microsoft Security Intelligence Report
Microsoft Security Development Lifecycle
Malware Response Guide
Security Troubleshooting and Support Resources
Trustworthy Computing Careers Computing 
 Microsoft respects your privacy. To learn more please read our online Privacy Statement.

If you would prefer not to receive the Microsoft Security Newsletter from Microsoft and its family of companies, please click here. These settings will not affect any other newsletters you’ve requested or any mandatory service communications you’ve requested that are considered part of certain Microsoft services.

To set your contact preferences for other Microsoft communications, click here.