Your Ad Here

Thursday, October 29, 2009

Virtual TechDays: Block your date for the New Efficiency Virtual Launch!

Continue Reading...

Tuesday, October 27, 2009

Microsoft - Security Update

The web helped develop a new generation of internet facing applications with the browser being the centrepiece of the internet. The browser has helped in transforming and innovating search, service delivery, ecommerce, virtual communities, software as a service, etc using rich data including audio and video. At Microsoft we continue to invest a lot in researching and developing software - be it great Windows applications, great web applications or great applications for the phone. We invest to make sure that all these applications on the PC, phone and web work together seamlessly to provide you with the necessary productivity and communication that you need while you are mobile. Today malware distributors use various techniques to attempt to direct Internet users to Web sites that have been compromised or are intentionally hosting hostile code. The malicious server hosts one or more exploits that are designed to use specific vulnerabilities to install themselves secretly on the user’s computer. The vulnerabilities targeted by these exploits are typically found in Web browsers themselves or in browser add-ons that enable users to experience popular types of media content within the browser environment. To help secure users against exploitation, Microsoft uses Windows Update to distribute killbits that prevent certain vulnerable add-ons from running in Internet Explorer. Most malicious Web sites use exploit kits that package together four to six exploits. Each kit is designed to offer malware distributors optimal levels of applicability, stealth, reliability, and detection evasion. The NSS Labs has published Web Browser Security – Socially Engineered Malware Protection Comparative Results (comparing Apple Safari 4, Google Chrome 2, Microsoft Windows Internet Explorer 8, Mozilla Firefox 3 and Opera 10 Beta). Internet Explorer 8 had exceptional scores thereby confirming that the investments that we are doing in software, including the secure development lifecycle, is helping us provide you with secure and reliable software, improve productivity and communication.

Internet Explorer 8 caught 81% of the live threats, an exceptional score which surpassed the next best browser (Firefox 3) by a 54% margin. Windows Internet Explorer 8 improved 12% between Q1 and Q2 tests, evidence of concerted efforts Microsoft is making in the SmartScreen technology.

Using the same test methodology on both the February and July 2009 tests allows for an easy apples-to-apples comparison of performance changes over time. As demonstrated by the table below, Internet Explorer 8 increased its protection by 12%, a considerable gain from an already strong 69% in the previous test.

All the other browsers decreased protection, by 3 and 8% - within the margin in the error. The left most columns indicate how much better (or worse) Internet Explorer 8 and Firefox 3 are compared to other browsers' scores.

Sanjay Bahl is the Chief Security Officer for Microsoft Corporation (India) Pvt Ltd, and is a member of various security committees at national and International level.

To receive our next issues of Security Focus...

For Support on Microsoft Update Management, Security Alerts & Worm Breakout,
Contact the Trustworthy Computing Hot Line at 1800-2662939

For more information on the Security Bulletins and Microsoft Programs, visit the Microsoft Security Center at www.microsoft.com/msrc

Security Bulletin
On October 13, 2009, Microsoft released 13 new security bulletins. Below is a summary
Bulletin ID Maximum Severity Rating Vulnerability Impact Restart Requirement Affected Software*
Bulletin 1 Critical
Remote Code Execution Requires restart Microsoft Windows Vista and Windows Server 2008
Bulletin 2 Critical
Remote Code Execution May require restart Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008
Bulletin 3 Critical
Remote Code Execution May require restart Microsoft Windows 2000, Windows XP, and Windows Server 2003
Bulletin 4 Important
Remote Code Execution May require restart Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008
Bulletin 5 Critical
Remote Code Execution Requires restart Internet Explorer on Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
Bulletin 6 Critical
Remote Code Execution May require restart Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
Bulletin 7 Important
Spoofing Requires restart Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
Bulletin 8 Important
Remote Code Execution Requires restart Microsoft Windows 2000, Windows XP, and Windows Server 2003
Bulletin 9 Important
Elevation of Privilege Requires restart Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008
Bulletin 10 Important
Denial of Service Requires restart Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
Bulletin 11 Critical
Remote Code Execution May require restart Microsoft Office Outlook 2002, Outlook 2003, Outlook 2007, Visio Viewer 2002, Visio Viewer 2003, and Visio Viewer 2007
Bulletin 12 Critical
Remote Code Execution May require restart Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, and Microsoft Silverlight 2
Bulletin 13 Critical
Remote Code Execution May require restart Microsoft Windows, Microsoft Office, Microsoft SQL Server, Microsoft Developer Tools, and Microsoft Forefront
* The list of affected software in the summary table is an abstract. To see the full list of affected components please click on the "Advance Notification Web Page" link below and review the "Affected Software" section.

Although we do not anticipate any changes, the number of bulletins, products affected, restart information, and severities are subject to change until released.

Advance Notification Web Page: Click here to find the full version of the Microsoft Security Bulletin Advance Notification for this month

Microsoft Windows Malicious Software Removal Tool: Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Monthly Security Bulletin Webcast: To address customer questions on these bulletins, Microsoft will host a Webcast next Wednesday, at 11:00 A.M. Pacific Time (U.S. and Canada). Click here to Register for this event.

Voice of our Customers

“Security has been one of the most important criteria when Microland decided to roll out Windows 7 across corporate function. With BitLocker To Go, we were able to encrypt all laptops including USB drives, which gave us peace of mind. AppLocker, another important feature of Windows 7 enabled IT team to take control of applications that our employees are allowed to access and lockdown the applications which would result in increasing vulnerabilities to the organization. Finally, with DirectAccess, employees were able to access corporate resources seamlessly and more securely, even when out of office.”
Guruprasad Murty Vice President - Information Systems and IT Services, Microland Limited

"The ability to manage client security through one console which will improve efficiency and interoperable products will strengthen stability and level of control of IT infrastructure. My advice to any company seeking a new security solution is to try out Forefront Client Security. The benefits of integration and rich reporting alone make it an ideal choice. Forefront Client Security works seamlessly with our core infrastructure components. This gives us confidence that we are ready to respond to the latest threats."”
Rajiv Ranjan DGM - IT, Lodha Group of Companies

Windows 7 Security Enhancements

Built upon the security foundation of Windows Vista, Windows 7 introduces a number of security enhancements to give users the confidence that Microsoft is continuing to find better ways to safeguard users’ IT investments as well as data. Explore improvements in security configuration flexibility, auditing, and User Account Control then delve into new features like AppLocker and BitLocker To Go. End users can enjoy the benefits of computers and the Internet knowing that Windows 7 is using new technologies and features to safeguard privacy and personal information.

Know More>>

Security and Policy Enforcement in Windows Server 2008 R2

Protecting the network is one of the toughest challenges in IT today. Network administrators must establish and enforce security policies that provide robust protection, while still being flexible enough to accommodate the connectivity needs of a growing number of internal and external users, device types, system configurations, and network connection types. In addition to several enhancements to Active Directory that help make Identity and Access Management more efficient, Windows Server 2008 R2 includes several additional security and policy enhancements:
• Group Policy
• Network Policy and Access Services
• Network Access Protection
• Windows Firewall with Advanced Security

Know More>>

Update Deployment with Microsoft Windows Server Update Services

Windows Server Update Services (WSUS) enables information technology administrators to deploy the latest Microsoft product updates to computers that are running the Windows operating system. By using WSUS, administrators can fully manage the distribution of updates that are released through Microsoft Update to computers in their network.

Know More >>

Security Tips

Use Msconfig to disable and enable UAC
Encrypt Removable USB Drives with BitLocker To Go on Windows 7
How to install Non-Microsoft Patches using System Center Essentials

Security Webcasts

Internet Explorer 8 Desktop Security Guide
Getting started with the SDL Threat Modeling Tool
Windows Server 2008 R2 Core Network Guide

Additional Resources

The Microsoft Security Development Lifecycle (SDL): Process Guidance
Infrastructure Optimisation Model
The Microsoft Security Update Guide
Windows 7
Internet Explorer 8 Readiness Toolkit
Windows Server 2008 R2

About the Microsoft Trustworthy Computing Service

Microsoft Trustworthy Computing (TwC) initiative is to help our customers with ongoing challenge of security updates management and deployment.

Continue Reading...

.Net Quiz - Test Your Knowledge and Win Some Exciting Prizes

Please note:
In case a Participant qualifies to win 2 prizes, he/she should be awarded the one with the higher value. No Participant shall win more
than one (1) prize.
For detailed terms and conditions, click here
Continue Reading...
Your Ad Here
 

Popular Posts

Widget by Blogger Buster

Copyright © 2009 Find Every Thing Here Template is Designed with help of Ipietoon for Free Blogger Template