Microsoft Security Newsletter - August 2014



Trustworthy Computing | August 2014
Microsoft Security Newsletter



Welcome to August’s Security Newsletter!

This month’s newsletter focuses on the importance of security and compliance for productivity solutions in enterprise environments. With increased regulations, the consumerization of IT, the rapid adoption of Bring Your Own Device (BYOD) scenarios, the explosion of data collected by organizations, and new collaboration scenarios, enterprises of all sizes are faced with a growing need to protect sensitive information. At the same time, enterprises have a need to securely share that same information amongst appropriate employees and other individuals within and outside the corporate network. When you need visibility into what’s happening or the ability to take action on your data, choosing the right application can offer immediate and immense benefits. Microsoft Office 365 provides those tools, and much more. Office 365 provides secure anywhere access to professional e-mail, shared calendars, instant messaging (IM), video conferencing, and document collaboration.



You can learn more about the security technology and compliance practices that support enterprise-grade security in Office 365 by downloading the "

http://www.microsoft.com/download/details.aspx?id=26552
Security in Office 365 " white paper. If you are looking for more information beyond service-level security, I encourage you to also download "

http://office.microsoft.com/en-us/business/redir/XT104364341.aspx
Security and Compliance: Customer Controls for Information Protection in Office 365 ," which describes the security and compliance controls that Office 365 provides in the product, and to visit the

http://office.microsoft.com/en-us/business/office-365-trust-center-cloud-comput ing-security-FX103030390.aspx#welcome
Office 365 Trust Center .



Please read on for additional resources to help you better secure productivity solutions such as Office 365, SharePoint Online, Exchange Server 2013, and Lync Server 2013.



Best regards,

Tim Rains, Director

Microsoft Trustworthy Computing



Have feedback on how we can improve this newsletter? Email us at mailto:secnlfb@microsoft.com
secnlfb@microsoft.com and share your ideas.



Top Stories



http://blogs.technet.com/b/security/archive/2014/08/11/cyberspace-2025-overview .aspx
What Will Cybersecurity Look Like in 2025?

Cybersecurity challenges are emerging not only from the commonly recognized sources – criminals, malware, or even targeted cyber-attacks – they can also grow from public policies as well. Delve into Microsoft’s recent research report, " http://www.microsoft.com/security/cybersecurity/cyberspace2025/
Cyberspace 2025: Today’s Decisions, Tomorrow’s Terrain ," with this three-part Microsoft Security Blog series:


- http://blogs.technet.com/b/security/archive/2014/08/11/cyberspace-2025-overview .aspx
Part 1: The catalysts that will shape the future
- http://blogs.technet.com/b/security/archive/2014/08/20/what-will-cybersecurity- look-like-in-2025-part-2-microsoft-envisions-an-optimistic-future.aspx
Part 2: Microsoft envisions an optimistic future
- http://blogs.technet.com/b/security/archive/2014/08/26/what-will-cybersecurity- look-like-in-2025-part-3-how-microsoft-is-shaping-the-future-of-cybersecurity.a spx
Part 3: How Microsoft is shaping the future of cybersecurity

http://blogs.technet.com/b/mmpc/archive/2014/08/19/the-fall-of-rogue-antivirus- software-brings-new-methods-to-light.aspx
The Fall of Rogue Antivirus Software Brings New Methods to Light

Rogue antivirus software has been a part of the malware ecosystem for many years, but we are now seeing a dropping trend in the telemetry for some of the once most-prevalent rogue families. Learn more about this trend.


http://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking -out-of-date-activex-controls.aspx
Internet Explorer Begins Blocking Out-of-Date ActiveX Controls

Starting September 9, 2014, Internet Explorer will block out-of-date ActiveX controls with a new security feature, called out-of-date ActiveX control blocking that lets you know when Internet Explorer prevents a webpage from loading common, but outdated, ActiveX controls; inventory the ActiveX controls your organization is using; and update the outdated control, so that it's up-to-date and safer to use.




Security Guidance

http://office.microsoft.com/en-us/sharepoint-server-help/create-and-apply-infor mation-management-policies-HA102773281.aspx
Security Tip of the Month: Create and Apply Information Management Policies in SharePoint Online

Information management policies enable organizations to control and track things like how long content is retained or what actions users can take with that content. Learn how to create a policy to use on multiple content types within a site collection, create a policy for a site content type, and create a policy for a list or library.


http://technet.microsoft.com/library/dn798914.aspx
Identify Sensitive Data Stored on SharePoint Online Sites

Data loss prevention (DLP) in SharePoint Online provides you with a way to identify that data, so you can work with document owners to reduce the risk posed to your organization. Learn how to use this feature to search for

http://technet.microsoft.com/library/jj150541.aspx
sensitive information types such as driver’s license numbers, routing numbers, and the like.


http://technet.microsoft.com/library/dn569286.aspx
Encryption in Office 365

Office 365 Message Encryption is an online service that’s built on Microsoft Azure Rights Management. Explore the encryption process then find step-by-step guidance on how to

http://technet.microsoft.com/library/dn569291.aspx
set up Microsoft Azure Rights Management ,

http://technet.microsoft.com/library/dn569289.aspx
define rules to encrypt or decrypt email messages ,

http://technet.microsoft.com/library/dn569292.aspx
add branding to encrypted messages , and

http://technet.microsoft.com/library/dn569287.aspx
send, view, or reply to encrypted messages .


http://www.microsoft.com/online/legal/v2/en-us/E.EDU.GOV_Advanced_Privacy_Optio ns_for_Admins.htm
Office 365: Advanced Privacy Options for Administrators

Office 365 Midsize Business, Office 365 Enterprise, Office 365 Education, and Office 365 Government offer extensive data protection settings and capabilities. As an administrator, you can control how your organization’s data is shared externally, between users, and how it is used within the service. This document provides a straightforward guide to configuring various privacy settings found in the Office 365 admin center.


LINK
Manage Transport Rules in Exchange 2013

Using transport rules, you can look for specific conditions in messages that pass through your organization and take action on them. Transport rules let you apply messaging policies to email messages, secure messages, protect messaging systems, and prevent information leakage. Find out how to create, copy, adjust the order, enable or disable, delete, or import or export rules, and how to monitor rule usage.


http://technet.microsoft.com/library/dn194021(v=office.15).aspx
Guide to Office 2013 Security

Use this roadmap to quickly locate information on the security features in Office 2013 as well as guidance on how to configure security using Group Policy and the Office Customization Tool, protect Office file integrity, and guard against external threats.


http://technet.microsoft.com/library/dn342827.aspx
Planning for Security in Lync Server 2013

Find out how to address security during your Lync Server deployment. This short topic provides general guidelines and best practices for assessing and managing the most common security risks.




Community Update

http://social.technet.microsoft.com/wiki/contents/articles/9082.office-365-and- adfs-active-directory-federation-service-installation.aspx
Office 365 and ADFS…Active Directory Federation Service Installation

Active Directory Federation Services (AD FS) provide your Active Directory users, who are logged on to computers located physically on the corporate network or who are logged on remotely to the corporate network, with single sign-on access to Office 365 services using their corporate domain credentials. Get an overview of ADFS architecture plus a step-by-step guide to installation.


http://social.technet.microsoft.com/wiki/contents/articles/19431.office-365-and -active-directory-synchronization.aspx
Office 365 and Active Directory Synchronization

Learn how to integrate Office 365 with Active Directory without the help of AD FS.




This Month's Security Bulletins


August 2014 Security Bulletins


Critical

-MS14-043:2978742
https://technet.microsoft.com/library/security/ms14-043

Vulnerability in Windows Media Center Could Allow Remote Code Execution

-MS14-051:2976627
https://technet.microsoft.com/library/security/ms14-051

Cumulative Security Update for Internet Explorer



Important

-MS14-044:2984340
https://technet.microsoft.com/library/security/ms14-044

Vulnerabilities in SQL Server Could Allow Elevation of Privilege

-MS14-045:2984615
https://technet.microsoft.com/library/security/ms14-045

Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege

-MS14-046:2984625
https://technet.microsoft.com/library/security/ms14-046

Vulnerability in .NET Framework Could Allow Security Feature Bypass

-MS14-047:2978668
https://technet.microsoft.com/library/security/ms14-047

Vulnerability in LRPC Could Allow Security Feature Bypass

-MS14-048:2977201
https://technet.microsoft.com/library/security/ms14-048

Vulnerability in OneNote Could Allow Remote Code Execution

-MS14-049:2962490
https://technet.microsoft.com/library/security/ms14-049

Vulnerability in Windows Installer Service Could Allow Elevation of Privilege

-MS14-050:2977202
https://technet.microsoft.com/library/security/ms14-050

Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege



August 2014 Security Bulletin Resources:

- http://blogs.technet.com/b/msrc/archive/2014/08/12/august-2014-security-updates .aspx

August 2014 Bulletin Release Blog Post "August 2014 Security Updates"
-
https://www.youtube.com/watch?v=JmghP1A9sTU
August 2014 Security Bulletin Webcast
-
http://blogs.technet.com/b/msrc/p/aug-2014-security-bulletin-q-a.aspx
August 2014 Security Bulletin Webcast Q&A
- http://www.microsoft.com/en-us/download/malicious-software-removal-tool-details .aspx
Malicious Software Removal Tool: August 2014 Update



Security Events and Training



http://www.microsoftvirtualacademy.com/training-courses/managing-office-365-ide ntities-and-services
Microsoft Virtual Academy (MVA): Managing Office 365 Identities and Services

If you are evaluating, planning for, deploying, and operating Office 365 services, including its identities, dependencies, requirements, and supporting technologies, check out this course from Microsoft Virtual Academy. This 12-module course focuses on the skills required to set up an Office 365 tenant, including federation with existing user identities, and skills required to sustain an Office 365 tenant and users.


http://www.microsoftvirtualacademy.com/training-courses/office-guides-identity- management-with-office-365
MVA Office Guides: Identity Management with Office 365

Learn how to synchronize your on-premises and cloud-based organizations using Active Directory synchronization, and prepare your organization to install and configure Active Directory Federation Services. You’ll also see how to enable single sign-on access in your organization using Active Directory Federation Services and how to add a custom domain to Office 365 and then convert it to a federated domain.


http://www.microsoftvirtualacademy.com/training-courses/office-guides-configuri ng-exchange-protection-and-control
MVA Office Guides: Configuring Exchange Protection and Control

Explore some of the data loss prevention features and options that make it easier to protect sensitive data in the new Exchange and see how data loss prevention features enhance protection of information commonly sent in email, including financial and personal data.


http://www.microsoftvirtualacademy.com/training-courses/securing-lync-deploymen ts
MVA: Securing Lync Deployments

This course explores common security questions and explains how IIS ARR (Application Request Routing) and the addition of Two-Factor Authentication can be used to meet your needs for stronger authentication.






Essential Tools


-
http://technet.microsoft.com/security/bulletin
Microsoft Security Bulletins

-
http://technet.microsoft.com/security/advisory
Microsoft Security Advisories

-
http://technet.microsoft.com/solutionaccelerators/cc835245.aspx
Security Compliance Manager

-
http://www.microsoft.com/security/sdl/adopt/starterkit.aspx
Microsoft Security Development Lifecycle Starter Kit

-
http://support.microsoft.com/kb/2458544
Enhanced Mitigation Experience Toolkit

-
http://www.microsoft.com/security/pc-security/malware-removal.aspx
Malicious Software Removal Tool

-
http://technet.microsoft.com/security/cc184924.aspx
Microsoft Baseline Security Analyzer


Security Centers


-
http://technet.microsoft.com/security
Security TechCenter

-
http://msdn.microsoft.com/security
Security Developer Center

-
http://www.microsoft.com/security/msrc/default.aspx
Microsoft Security Response Center

-
http://www.microsoft.com/security/portal/
Microsoft Malware Protection Center

-
http://www.microsoft.com/privacy
Microsoft Privacy

-
http://support.microsoft.com/select/default.aspx?target=hub&c1=10750
Microsoft Security Product Solution Centers


Additional Resources


-
http://www.microsoft.com/about/twc/en/us/blogs.aspx
Trustworthy Computing Security and Privacy Blogs

-
http://www.microsoft.com/security/sir
Microsoft Security Intelligence Report

-
http://www.microsoft.com/security/sdl
Microsoft Security Development Lifecycle

-
http://technet.microsoft.com/library/cc162838.aspx
Malware Response Guide

-
http://technet.microsoft.com/security/bb980617.aspx
Security Troubleshooting and Support Resources

-
http://www.microsoft-careers.com/go/Trustworthy-Computing-Jobs/194701/ Trustworthy Computing Careers




microsoft.com/about/twcTrustworthy Computing




This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.



(c) 2014 Microsoft Corporation

http://www.microsoft.com/About/Legal/EN/US/IntellectualProperty/Copyright/defau lt.aspx
Terms of Use |

http://www.microsoft.com/About/Legal/EN/US/IntellectualProperty/Trademarks/EN-U S.aspx
Trademarks


Microsoft respects your privacy. To learn more please read our online http://go.microsoft.com/fwlink/?LinkId=248681
Privacy Statement .



If you would prefer not to receive the Microsoft Security Newsletter from Microsoft and its family of companies please http://click.email.microsoftemail.com/m_hcp.aspx?qs=0bb7f39debca1b0ad10fb2e924b 6311d344a0079e5cc587f4d16330b7c3cc8e7aa3d48879950d85d33a47e9a9586dfefd285dcac31 618dc8e2d3448ef48ea9b39f5c8c42d97ac24a168dc7a502ad873459bebb5ef3d071e7&oneClick =newsletter
click here . These settings will not affect any other newsletters you've requested or any mandatory service communications that are considered part of certain Microsoft services.



To set your contact preferences for other Microsoft communications http://click.email.microsoftemail.com/m_hcp.aspx?qs=0bb7f39debca1b0ad10fb2e924b 6311d344a0079e5cc587f4d16330b7c3cc8e7aa3d48879950d85d33a47e9a9586dfefd285dcac31 618dc8e2d3448ef48ea9b39f5c8c42d97ac24a168dc7a502ad873459bebb5ef3d071e7
click here .



Microsoft Corporation

One Microsoft Way

Redmond, WA 98052 USA






---
■ Synchronet ■ Time Warp of the Future BBS - Home of League 10 IBBS Games