Ohad Plotnik's Forefront Blog
Vulnerability in DNS Server Could Allow Denial of Service MS12-017 - Important
Thursday, March 15, 2012 9:59 AM

Hello,

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a remote unauthenticated attacker sends a specially crafted DNS query to the target DNS server.

This security update is rated Important for all supported editions of Windows Server 2003, 32-bit and x64-based editions of Windows Server 2008, and x64-based editions of Windows Server 2008 R2.

Please update your systems ASAP!!!

Info is here:

http://technet.microsoft.com/en-us/security/bulletin/ms12-017

Thanks,

Ohad Plotnik (Plotniko)
Identity and Security Architect, MVP

Foreity LTD – Intelligent Security

www.ForefrontSecurity.org

by Plotniko | with no comments
Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege MS12-018 - Important
Thursday, March 15, 2012 9:57 AM

Hello,

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

This security update is rated Important for all supported releases of Microsoft Windows.


Please update your systems ASAP!!!

Info is here:

http://technet.microsoft.com/en-us/security/bulletin/MS12-018

Thanks,

Ohad Plotnik (Plotniko)
Identity and Security Architect, MVP

Foreity LTD – Intelligent Security

www.ForefrontSecurity.org

by Plotniko | with no comments
Microsoft Security Bulletin MS12-020 Critical Vulnerabilities in Remote Desktop Could Allow Remote Code Execution!!!
Thursday, March 15, 2012 9:38 AM

Hello,

This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol.

The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk. This security update is rated Critical for all supported releases of Microsoft Windows.
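As an added example (not part of the original post or of Microsoft's bulletin), the following PowerShell script checks the bulletin's own scoping criterion on a host: whether Remote Desktop is enabled, whether Terminal Services is running, and whether anything is actually listening on the configured RDP port. It uses only cmdlets and tools available on PowerShell 2.0 so that it runs on the Server 2003/2008-era systems the bulletin covers. The $KbId parameter is my assumption: fill it with the KB number from the bulletin if you also want the hotfix presence checked, otherwise leave it empty and the script reports exposure only.

```powershell
# Added example, not from the original post: report whether this host is in scope for
# MS12-020 by the bulletin's criterion (RDP enabled and listening), optionally checking
# whether a given hotfix is installed. PowerShell 2.0 compatible.
param(
    [string]$KbId = ''   # hypothetical parameter: KB number from the bulletin, e.g. 'KB1234567'
)

function Get-RdpExposure {
    param([string]$KbId = '')

    $tsKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tsProps = Get-ItemProperty -Path $tsKey -ErrorAction SilentlyContinue

    # fDenyTSConnections = 1 means Remote Desktop is disabled (the Windows default).
    $rdpEnabled = ($tsProps -ne $null -and $tsProps.fDenyTSConnections -eq 0)

    # The listener port is 3389 unless an administrator changed PortNumber under RDP-Tcp.
    $portProps = Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp" -ErrorAction SilentlyContinue
    $rdpPort = if ($portProps -and $portProps.PortNumber) { [int]$portProps.PortNumber } else { 3389 }

    # Service state of Terminal Services.
    $svc = Get-Service -Name TermService -ErrorAction SilentlyContinue
    $svcRunning = ($svc -ne $null -and $svc.Status -eq 'Running')

    # Is anything listening on the RDP port? netstat is present on every version in scope.
    $listening = $false
    foreach ($line in (netstat -ano -p tcp 2>$null)) {
        if ($line -match "^\s*TCP\s+\S+:$rdpPort\s+\S+\s+LISTENING") { $listening = $true }
    }

    # Optional: is the hotfix for the bulletin installed?
    $hotfix = $null
    if ($KbId) { $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue }

    New-Object PSObject -Property @{
        ComputerName  = $env:COMPUTERNAME
        RdpEnabled    = $rdpEnabled
        TermService   = $svcRunning
        RdpPort       = $rdpPort
        Listening     = $listening
        HotfixChecked = [bool]$KbId
        HotfixPresent = ($hotfix -ne $null)
        # Bulletin criterion: a host without RDP enabled is not at risk; a patched one is not either.
        AtRisk        = ($rdpEnabled -and $listening -and -not ($KbId -and $hotfix))
    }
}

Get-RdpExposure -KbId $KbId | Format-List
```

Run it locally on each server, or push it through your existing remote execution tooling; a host that reports RdpEnabled and Listening as True is one to patch first, since that is exactly the population the bulletin describes as exposed to unauthenticated RDP packets.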

Please update your systems ASAP!!!

For more information:

http://technet.microsoft.com/en-us/security/bulletin/ms12-020

Thanks,

Ohad Plotnik (Plotniko)
Identity and Security Architect, MVP

Foreity LTD – Intelligent Security

www.ForefrontSecurity.org

by Plotniko | with no comments
Microsoft released a signature for Win32/Delf.QR
Wednesday, February 08, 2012 3:07 PM

Hello,

Today I sent a virus sample to the Microsoft MMPC team. It was analyzed as “TrojanDownloader:Win32/Delf.QR”.

The full reply from Microsoft was:

Analysis of the file(s) in Submission ID MMPC12020732034853 is now complete. This is the final email that you will receive regarding this submission.

The Microsoft Malware Protection Center (MMPC) has investigated the following file(s) which we received on 2/7/2012 11:39:15 AM Pacific Time. Below is the determination for your submission.

======== Submission ID MMPC12020732034853 Submitted Files =============================================

VIRUS.rar [Container]

+---ForeFront.rar [Container]

+---EXE.exe [TrojanDownloader:Win32/Delf.QR]

+---UpdateOffice.rar [Container]

+---UpdateOffice.exe [TrojanDownloader:Win32/Delf.QR]

+---UpdateOffice2.rar [Not Malware]

The following links contain more information regarding the detections listed above: http://go.microsoft.com/...ownloader:Win32/Delf.QR

Your submission was scanned using antimalware definition version 1.119.1519.0.
========

The detections listed above are included in the latest pre-release definition available for download. For more information please visit the pre-release definition update download page available at: http://www.microsoft.com...eReleaseSignatures.aspx

Alternatively, detections listed above will be available for users who subscribe to the automatic definition update mechanism in the next regularly scheduled release, as well as users who choose to manually update their definition library available via the MMPC Portal available on: http://www.microsoft.com...al/Definitions/ADL.aspx

If you have questions relating to this submission please contact mailto:mmpcres@microsoft.com and reference your submission ID. We would like to find ways to improve our service to you. Please take a few minutes and fill out our short customer survey for this incident. You can navigate to our short (6 question) survey here: http://www.zoomerang.com/Survey/WEB22CHRC7QCL5/

=============================================
Additional Help

For customers who do not have an antivirus solution, Microsoft Security Essentials can be downloaded at no charge here: http://www.microsoft.com/security_essentials/

For more information about updating definitions and answers to other questions, visit the following link: http://www.microsoft.com...red/Help.aspx#new_defns

If you need immediate assistance and information on best practices for removing malware in your environment, additional support options are available at the following websites:
For IT Professionals - http://support.microsoft.com/gp/securityitpro
For Home Users - http://support.microsoft...lt.aspx?pr=securityhome

Thank you,

Microsoft Malware Protection Center

Thanks,

Ohad Plotnik (Plotniko)
MVP-Forefront
System&network
Security Architect
ForefrontSecurity.org

Security Compliance Manager 2.5 Beta is here!
Friday, January 27, 2012 12:11 PM

PING

The latest version of the Microsoft Security Compliance Manager (SCM) tool, version 2.5, is now available for beta download and review!

NEW baselines include:

* Exchange Server 2007 SP3 Security Baseline

* Exchange Server 2010 SP2 Security Baseline


Updated client product baselines include:

* Windows 7 SP1 Security Compliance Baseline

* Windows Vista SP2 Security Compliance Baseline

* Windows XP SP3 Security Compliance Baseline

* Office 2010 SP1 Security Baseline

* Internet Explorer 8 Security Compliance Baseline


SCM 2.5 enables you to quickly configure and manage your desktops and laptops, traditional data center, and private cloud using Group Policy and Microsoft System Center Configuration Manager.

Get the beta download from Microsoft Connect at https://connect.microsof....aspx?DownloadID=40885.

After you download and become familiar with updates in SCM 2.5, please provide us with your feedback. Your opinion is very important to us. We would especially appreciate your feedback in the following areas:

* Relevance. How relevant is the information for your organization?

* Usefulness. How will you use these product baselines? How does the SCM 2.5 tool provide value?

* Usability. Is the baseline configuration information easy to follow? Can you easily find key content?

* Consistency. Is the content in the security guides consistent with the setting recommendations and vulnerability information?

* General Quality. Please provide us with your opinion on the general quality of the product baseline content. Would you recommend SCM 2.5 to colleagues?

 

Ohad Plotnik (Plotniko)
MVP-Forefront
System&network
Security Architect
ForefrontSecurity.org

by Plotniko | with no comments
A Guide to Claims-Based Identity and Access Control, Second Edition eBook
Friday, January 27, 2012 12:09 PM

Hello All, 

Claims-based identity seeks to control the digital experience and allocate digital resources based on claims made by one party about another. A party can be a person, organization, government, website, web service, or even a device. The very simplest example of a claim is something that a party says about itself.

As the authors of this book point out, there is nothing new about the use of claims. As far back as the early days of mainframe computing, the operating system asked users for passwords and then passed each new application a “claim” about who was using it. But this world was based to some extent on wishful thinking because applications didn’t question what they were told.

As systems became interconnected and more complicated, we needed ways to identify parties across multiple computers. One way to do this was for the parties that used applications on one computer to authenticate to the applications (and/or operating systems) that ran on the other computers. This mechanism is still widely used—for example, when logging on to a great number of Web sites.

However, this approach becomes unmanageable when you have many co-operating systems (as is the case, for example, in the enterprise). Therefore, specialized services were invented that would register and authenticate users, and subsequently provide claims about them to interested applications. Some well-known examples are NTLM, Kerberos, Public Key Infrastructure (PKI), and the Security Assertion Markup Language (SAML).

If systems that use claims have been around for so long, how can claims-based computing be new or important? The answer is a variant of the old adage, “All tables have legs, but not all legs have tables.” The claims-based model embraces and subsumes the capabilities of all the systems that have existed to date, but it also allows many new things to be accomplished. This book gives a great sense of the resultant opportunities.

http://www.microsoft.com/download/en/details.aspx?id=28362&WT.mc_id=rss_alldownloads_all

Enjoy :)

Ohad Plotnik (Plotniko)
MVP-Forefront
System&network
Security Architect
ForefrontSecurity.org

by Plotniko | with no comments
Hotfix Rollup 4 for Microsoft Forefront Protection for Exchange is HERE!
Sunday, January 15, 2012 2:21 AM

Hello All!

Microsoft has released Hotfix Rollup 4 for Forefront Protection 2010 for Exchange.

http://support.microsoft.com/kb/2619883

This article contains information about how to obtain the hotfix rollup and about the issues that are fixed by the hotfix rollup.
Issues that are fixed in Hotfix Rollup 4 for Forefront Protection 2010 for Exchange:

1. Email is sent to the Forefront Protection for Exchange UNDELIVERABLE folder instead of being delivered

2. UNC and proxy credentials are stored in clear text in the Forefront Protection for Exchange file system

3. The Forefront Protection for Exchange FSEMachinePrep.exe fails with a fatal error

4. The external sender does not receive the expected Forefront Protection for Exchange generated notification

5. Forefront Protection for Exchange generates a notification with a blank subject line

6. Forefront Protection for Exchange virus engine updates fail between the passive node and active node in CCR clusters

7. Forefront Protection for Exchange only accepts 7-digit License Agreement numbers

8. Email queues at startup on an Exchange server running Forefront Protection for Exchange

Thanks,


Ohad Plotnik (Plotniko)
MVP-Forefront
System&network
Security Architect
Blog: blogs.microsoft.co.il/blogs/Plotniko

Hacking & Securing Active Directory
Saturday, December 17, 2011 3:11 PM

Hello!


We have the honor to invite you to the Israel Security User Group December 2011 meeting - Hacking & Securing Active Directory.


Date: 20.12.11

Time: 18:00

Location: Microsoft Israel – Hapnina 2 Raanana Israel

This event will give the audience a high-level overview for taking strategic decisions about planning and securing an Active Directory infrastructure in an enterprise environment. Active Directory is the foundation upon which the rest of Windows security and services depends. Active Directory (AD) is the infrastructure behind the other security and services infrastructures, such as Exchange, Lync, PKI, identity management, Network Access Protection, Group Policy and more.

The event will provide network, system infrastructure, application and development professionals with the overview necessary to understand, hack, design, implement and support a variety of network services, security measures and securing protocols needed in an Active Directory managed network.

Main subjects that will be covered on the event:

• Introduction to Securing and Hacking AD, IT Challenges, Business Needs

• AD Components - AD Architecture

• Authentication Authorization and SSO

• AD protocols- Weaknesses and vulnerabilities

• Application Layer, Network Layer, Infrastructure Layer and Physical Attacks

• Application Layer, Network Layer, Infrastructure Layer and Physical Defenses

Live Demos…

Lecturing in the event:

Idan Plotnik, Identity and Security Engineer, Forefront MVP

Ohad Plotnik, Security User Group leader, Identity and Security Architect, Forefront MVP

Register @:
http://securityu.eventbrite.com


Thanks,


Ohad Plotnik (Plotniko)
MVP-Forefront
System&network
Security Architect
ForefrontSecurity.org

by Plotniko | with no comments
Microsoft Windows Active Directory Single Sign On Authentication Spoofing Vulnerability
Friday, November 18, 2011 8:37 AM

Hello all,

While installing and implementing Active Directory Federation Services at one of our customers' sites, I came across this vulnerability. Pay attention and defend yourselves:

http://www.securityfocus.com/bid/37215

http://technet.microsoft.com/en-us/security/bulletin/MS09-070

http://xforce.iss.net/xforce/xfdb/54425

Thanks,

Ohad Plotnik (Plotniko)
MVP-Forefront
System&network
Security Architect
ForefrontSecurity.org

by Plotniko | with no comments
Microsoft Safety Scanner
Sunday, November 13, 2011 12:13 PM

Hello World,

Following is a great security TIP:

Do you think your PC has a virus?

The Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.

Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.

The Microsoft Safety Scanner is not a replacement for using an antivirus software program that provides ongoing protection.

For real-time protection that helps to guard your home or small business PCs against viruses, spyware, and other malicious software, download Microsoft Security Essentials.


http://www.microsoft.com/security/scanner/en-us/default.aspx

Enjoy :)

Ohad Plotnik (Plotniko)
MVP-Forefront
System&network
Security Architect

ForefrontSecurity.org

by Plotniko | with no comments
Forefront Protection Server Management Console (FPSMC) Ports
Monday, October 31, 2011 1:53 PM

Hello all,

After some of you asked, I thought it would be better to post it here. The Forefront Protection Server Management Console (FPSMC) requires these ports to be open to function properly:

80 - HTTP port. Enables communication between the web browser and FPSMC, as well as all HTTP communication from FPSMC to the internet.

445 - Required for FPSMC agent deployment (unidirectional: FPSMC server to the managed computer).

8815 - The deployment agent listens on this port on a managed server to receive commands from the FPSMC agent (unidirectional: FPSMC server to the managed computer).

8816 - The push installer listens on this port on the managed servers (unidirectional: FPSMC server to the managed computer).

8817 - The NotificationService on the FPSMC server listens on this port to receive data (such as quarantine and stats) from the managed servers.
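As an added example (not part of the original post and not an FPSMC tool), here is a PowerShell script that checks the port matrix above from whichever side you run it on: from the FPSMC server it tests 445, 8815 and 8816 towards each managed server, and from a managed server it tests 80 and 8817 back towards the FPSMC server. The server names are placeholders I made up; it uses the .NET TcpClient with a timeout rather than Test-NetConnection so that it also works on PowerShell 2.0.

```powershell
# Added example, not from the original post: verify reachability of the FPSMC ports in the
# direction the post describes for each of them. Server names below are placeholders.
$FpsmcServer    = 'fpsmc01.example.local'                              # placeholder
$ManagedServers = @('exch01.example.local', 'exch02.example.local')   # placeholders

# The ports from the post, each with the side that must be reachable on it.
$PortMatrix = @(
    @{ Port = 80;   Target = 'FPSMC';   Purpose = 'HTTP console (browser -> FPSMC)' },
    @{ Port = 445;  Target = 'Managed'; Purpose = 'agent deployment (FPSMC -> managed)' },
    @{ Port = 8815; Target = 'Managed'; Purpose = 'deployment agent (FPSMC -> managed)' },
    @{ Port = 8816; Target = 'Managed'; Purpose = 'push installer (FPSMC -> managed)' },
    @{ Port = 8817; Target = 'FPSMC';   Purpose = 'NotificationService (managed -> FPSMC)' }
)

function Test-TcpPort {
    # Returns $true if a TCP connection to $ComputerName:$Port completes within the timeout.
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }  # timed out
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-FpsmcPorts {
    # Without the switch: run on the FPSMC server, test the ports it must reach on managed servers.
    # With -FromManagedServer: run on a managed server, test the ports it must reach on FPSMC.
    param([switch]$FromManagedServer)
    foreach ($entry in $PortMatrix) {
        if ($FromManagedServer -and $entry.Target -ne 'FPSMC') { continue }
        if (-not $FromManagedServer -and $entry.Target -ne 'Managed') { continue }
        $targets = if ($entry.Target -eq 'FPSMC') { @($FpsmcServer) } else { $ManagedServers }
        foreach ($t in $targets) {
            New-Object PSObject -Property @{
                Target  = $t
                Port    = $entry.Port
                Purpose = $entry.Purpose
                Open    = Test-TcpPort -ComputerName $t -Port $entry.Port
            }
        }
    }
}

# On the FPSMC server:
Test-FpsmcPorts | Format-Table Target, Port, Open, Purpose -AutoSize
# On a managed server, run instead:
# Test-FpsmcPorts -FromManagedServer | Format-Table Target, Port, Open, Purpose -AutoSize
```

A port reported as closed from the correct side is usually a host firewall rule missing on the listening machine; because the post describes 445, 8815 and 8816 as unidirectional from FPSMC to the managed computer, there is no need to open them in the other direction.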


Thanks,

Ohad Plotnik (Plotniko)
MVP-Forefront
System&network
Security Architect

ForefrontSecurity.org

by Plotniko | with no comments
Next Release of Windows Intune Now Available! - PC MANAGEMENT & SECURITY IN THE CLOUD
Wednesday, October 26, 2011 10:27 PM

Hello all!

Perform security and management tasks remotely from a web-based console.
Help secure PCs from malware and virus threats with endpoint protection.
Deploy most updates and line of business applications through the cloud.
Greater performance and security with available Windows 7 Enterprise upgrade.

Get Free 30 Day Trial Now

http://www.microsoft.com/en-us/windows/windowsintune/pc-management.aspx
Enjoy :)

Ohad Plotnik (Plotniko)
MVP-Forefront
System&network
Security Architect
ForefrontSecurity.org

by Plotniko | with no comments
Windows 8 client and server versions Developer Preview are now available for download!
Sunday, October 23, 2011 3:46 PM

Hello!

FYI... The Windows 8 Developer Preview is a pre-beta version of Windows 8 for developers. These downloads include prerelease software that may change without notice. The software is provided as is, and you bear the risk of using it. It may not be stable, operate correctly or work the way the final version of the software will. It should not be used in a production environment. The features and functionality in the prerelease software may not appear in the final version. Some product features and functionality may require advanced or additional hardware, or installation of other software.

http://msdn.microsoft.com/en-us/windows/apps/br229516

MSDN subscribers can also download a preview of Windows Server at http://msdn.microsoft.com/en-us/subscriptions/default.aspx

Thanks,

Ohad Plotnik (Plotniko)
MVP-Forefront
System&network
Security Architect
ForefrontSecurity.org

by Plotniko | with no comments
Forefront Unified Access Gateway 2010...? From now on..."Windows Server 8"
Sunday, October 23, 2011 2:59 PM

Hey,

As some articles and forums say, you can also read it here, FYI:

Enterprises require easily managed remote access solutions for end users connecting to private or public clouds. Most remote access solutions require changes in user behavior because the remote access connection must be manually initiated. Additionally, enterprises have difficulty managing remote machines and ensuring they remain compliant with enterprise policies. The hybrid cloud extends an enterprise’s data center to span both private and public clouds, and presents new opportunities for remote access solutions. With Windows Server 8, partners can build and package remote access appliances to meet customer requirements including policy compliance and simplified user behavior, thereby driving down support costs. In this session, we will demonstrate how remote access appliances provide customer value by simplifying deployment logistics and offering enhanced feature support. New functionality including simplified configuration, new monitoring capabilities, highly available and scale, remote provisioning of clients and cloud based cross-premise connectivity will be highlighted.

Enabling the hybrid cloud using remote access appliances
http://channel9.msdn.com/Events/BUILD/BUILD2011/SAC-668T

So, probably with the next version of Windows Server you will get all of it in one package, and no more UAG...

Thanks,

Ohad Plotnik (Plotniko)
MVP-Forefront
System&network
Security Architect

ForefrontSecurity.org

by Plotniko | with no comments
IT Time: TechNet Radio–Interview with Curtis Parker from the Forefront Online Protection team!
Sunday, October 23, 2011 2:54 PM

Hi! 

I would like to share with you a great Interview with Curtis Parker from the Forefront Online Protection team:

FYI...
It's IT Time and in today’s episode, Blain Barton and John Baker welcome Curtis Parker from the Forefront Online Protection team. Tune in as Curtis gives us a tour of Forefront’s new features for Exchange, as he explains how Office 365 customers can simplify the management and security experience through this innovative service.
http://blogs.technet.com/b/blainbar/archive/2011/09/20/it-time-technet-radio-interview-with-curtis-parker-from-the-forefront-online-protection-team.aspx

Thanks,

Ohad Plotnik (Plotniko)
MVP-Forefront
System&network
Security Architect

ForefrontSecurity.org

by Plotniko | with no comments