|Welcome to July’s Security Newsletter!|
The theme for this month’s newsletter focuses in on security tools designed to help make IT professionals work smarter, not harder. A good tool can save a lot of work and time for those people responsible for developing and managing software. Tools can help prevent the exploitation of software vulnerabilities and reduce the overhead needed to react to system compromises. As a result, to help mitigate threats from cybercriminals, Microsoft provides a number of free tools for organizations.
Threat modeling helps engineers analyze the security of their systems to find and address design issues early in the software lifecycle. To help make threat modeling a little easier, Microsoft provides a free
SDL Threat Modeling Tool that enables non-security subject matter experts to create and analyze threat models by communicating about the security design of their systems, analyzing those design for potential security issues using a proven methodology, and suggesting and managing mitigations for security issues. If you are in the retail industry, we also recently published guidance on "
Threat Modeling a Retail Environment" and "
Protecting Point of Sale Devices from Targeted Attacks."
Enhanced Mitigation Experience Toolkit
Enhanced Mitigation Experience Toolkit (EMET) is a free mitigation tool designed to help IT professionals and developers prevent vulnerabilities in software from being successfully exploited. The tool works by protecting applications via the latest security mitigation technologies built into Windows, even in cases where the developer of the application didn’t opt to do this themselves. By doing so, it enables a wide variety of software to be made significantly more resistant to exploitation – even against zero day vulnerabilities and vulnerabilities for which an update has not yet been applied.
Another popular resource is our
myBulletins online service. myBulletins is a customizable tool designed to give IT professionals a tailored experience based on specific requirements for their environment. Using this service, you can filter security bulletins to show only those that are relevant to the Microsoft products in your environment. It can also be used to help prioritize security bulletins with the ability to sort by release date, severity, and reboot requirements. Since myBulletins is accessed through your Microsoft Account, your preferences can be saved, making it easier for you to use into the future.
For more information on methods that can help make your work and work life easier, I encourage you to read on for additional tools and resources.
| ||Best regards,|
Tim Rains, Director
Microsoft Trustworthy Computing
Have feedback on how we can improve this newsletter? Email us at
firstname.lastname@example.org share your ideas.
#TBT: Be Safer–Run as Standard User|
Learn why old advice is sometimes still the best advice when it comes to user privileges.
The Secret of the SDL
Since its inception in 2004 when it was established as a mandatory policy, and the external release of SDL tools and framework in 2008, Microsoft’s SDL resources have been downloaded more than 1 million times, and reached more than 150 countries. Find out why with this post from the Microsoft Security Blog.
Microsoft Digital Crimes Unit Disrupts Jenxcus and Bladabindi Malware Families
Learn how, on June 30th, following an investigation to which the Microsoft Malware Protection Center (MMPC) contributed, the Microsoft Digital Crimes Unit initiated a disruption of the Jenxcus and Bladabindi malware families.
Driving a Collectively Stronger Security Community with Microsoft Interflow
Microsoft Interflow, currently available as a private preview, is a security and threat information exchange platform for analysts and researchers working in cybersecurity. Interflow uses industry specifications to create an automated, machine-readable feed of threat and security information that can be shared across industries and groups in near real-time. Learn how this platform may help security professionals respond more quickly to threats and reduce cost of defense by automating processes that are currently performed manually.
Security Tip of the Month: New Strategies and Features to Help Organizations Better Protect Against Pass-the-Hash Attacks|
Given that organizations must continue to operate after a breach, it is critical for them to have a plan to minimize the impact of successful attacks on their ongoing operations, Adopting an approach that assumes a breach will occur, ensures that organizations have a holistic plan in place before an attack occurs. Check out new guidance to help you address and protect your organization against credential theft.
Case of the Unexplained 2014: Troubleshooting with Mark Russinovich
Learn from the master of Windows troubleshooting as he walks you step-by-step through how he has solved seemingly unsolvable system and application problems on Windows. With all new real case studies, Mark shows how to apply Microsoft Debugging Tools and his own Windows Sysinternals tools, including Process Explorer, Process Monitor, to solve system crashes, process hangs, security vulnerabilities, DLL conflicts, permissions problems, registry misconfiguration, network hangs, and file system issues.
Microsoft Anti-Cross Site Scripting Library V4.3
The Microsoft Anti-Cross Site Scripting Library V4.3 (AntiXSS V4.3) is an encoding library that is designed to help you protect your applications from cross-site scripting attacks. Download the latest version, released in May of 2014.
Attack Surface Analyzer
Attack Surface Analyzer takes a snapshot of your system state before and after the installation of product(s) and displays the changes to a number of key elements of the Windows attack surface. Download the tool and read
Attack Surface Analyzer 1.0 Released for more information.
BinScope Binary Analyzer
The BinScope Binary Analyzer tool can be helpful for both developers and IT professionals that are auditing the security of applications that they are developing or deploying / managing. Learn how to make more meaningful assessments by using the tool to audit the software deployed in your environment and determine if that software is making use of security mitigations.
Microsoft Baseline Security Analyzer 2.3
Updated to support Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012, the Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for IT professionals to help small and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. It is a standalone security and vulnerability scanner designed to provide a streamlined method for identifying common security misconfigurations and missing security updates.
Get to Know Today’s Security MVP Community|
On July 1st, Microsoft notified exemplary community leaders around the world that they have received the MVP Award. Explore the current enterprise and developer security MVPs, chosen because they have demonstrated their deep commitment to helping others make the most of their technology, voluntarily sharing their passion and real-world knowledge of Microsoft products with the community.
|This Month's Security Bulletins|
July 2014 Security Bulletins
July 2014 Security Bulletin Resources:
|Security Events and Training|
Microsoft Virtual Academy: Security Fundamentals|
Take this Microsoft Technology Associate (MTA) Training course to help you prepare for MTA Exam 98-367 and build an understanding of security layers, operating system security, network security, and Microsoft security software.
| || |
| ||microsoft.com/about/twc||Trustworthy Computing|| |
| ||This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.|
© 2014 Microsoft Corporation
Microsoft respects your privacy. To learn more please read our online
If you would prefer not to receive the Microsoft Security Newsletter from Microsoft and its family of companies please
click here. These settings will not affect any other newsletters you’ve requested or any mandatory service communications that are considered part of certain Microsoft services.
To set your contact preferences for other Microsoft communications
| || |