Enhancing Customer Security: Ongoing Efforts to Help Customers

Dave Sayers, Technical Specialist, Microsoft UK

Post on 21-Dec-2015


Agenda

Impact of Security on Business
Security as an Enabler
Trustworthy Computing
Improving Security
Improving the Patching Experience
Security Technologies for Clients
Security Technologies for Servers
Commitment to Customers

Impact to Business

Industry

90% detected security breaches [4]
75% have financial loss from breaches [4]
85% detected computer viruses [4]
80% insider abuse of network access [4]
95% of all breaches avoidable [5]

Security

[1] Source: Forrester Research
[2] Source: Information Week, 26 November 2001
[3] Source: Netcraft summary
[4] Source: Computer Security Institute (CSI) Computer Crime and Security Survey 2002
[5] Source: CERT, 2002

14B devices on the Internet by 2010 [1]
35M remote users by 2005 [2]
65% increase in dynamic Web sites [3]

Impact to Microsoft Customers

Source: Forrester (Mar 03), Can Microsoft Be Secure?

Security As An Enabler

Lower Total Cost of Ownership
Fewer vulnerabilities
Simplify patch management
Downtime is expensive

Increase Business Value
Connect with customers
Integrate with partners
Empower employees

ROI
Connected
Productive
Total Costs
Dependable
Best Economics

What is Trustworthy Computing?

“Trustworthy Computing” means that users can trust computers and networks to be reliable, secure, and private. They can also trust those who provide products and services.

Trustworthy Computing

Patches proliferating
Time to exploit decreasing
Exploits are more sophisticated
Current approach is not sufficient

Security is our #1 Priority
There is no silver bullet
Change requires innovation

[Chart: Days between patch and exploit. Worms shown: Blaster, Welchia/Nachi, Nimda, SQL Slammer. Values shown: 151, 180, 331, 25.]

Improving Security
Responding to the Crisis

Security Researchers
Discover vulnerabilities
Collaborating to fix vulnerabilities
Disclosing responsibly
Fewer researchers disclosing irresponsibly; continuing to improve

Exploit Coders
Reverse-engineer patches & post exploit code to the Web
Building community consensus that disclosure is not good
Reaching out
More industry experts are speaking out against exploit code

Worm Builders
Hack together worms with posted exploit code & worm toolkits
Anti-Virus Reward Program
Assisting with technical forensics work
Two arrests around the Blaster worm

What Microsoft is doing

Results:

The Exploit Process

You’ve Told Us
Our Action Items

“I can’t keep up…new patches are released every week”
“The quality of the patching process is low and inconsistent”
“I need to know the right way to run a Microsoft enterprise”
“There are still too many vulnerabilities in your products”

Provide Guidance and Training
Mitigate Vulnerabilities Without Patches
Continue Improving Quality
Improve the Patching Experience

Progress To Date

TAMs call Premier Customers proactively
MSRC severity rating system
Free virus hotline
MSDN security guidance for developers
www.microsoft.com/technet/security

Office XP: Macros off by default
No sample code installed by default
IIS and SQL Server off by default in Visual Studio.NET

Deployment tools: MBSA, IIS Lockdown, SUS, WU, SMS Value Pack

Created STPP to respond to customers
PAG for Windows 2000 Security Ops

SD3 + Communications

Secure by Design
Secure by Default
Secure in Deployment
Communications

Security training for 11,000 engineers
Security code reviews of old source
Threat modeling
“Blackhat” test coverage
Buffer overrun detection in compile process

Improve the Patching Experience
New Patch Policies

Extended security support to December 2004
Windows NT4 Server

Security patches on a monthly predictable release cycle
Allows for planning a predictable monthly test and deployment cycle
Packaged as individual patches that can be deployed together

NOTE: Exceptions will be made if customers are at immediate risk from viruses, worms, attacks or other malicious activities

Customer Pain

Patch and update management is the #1 driver of dissatisfaction* among IT operations staff
#1 activity that requires work after hours and on weekends
#1 activity that’s a ‘waste of time’

*Based on results from survey of 462 IT Pros conducted in September 2003. Data shows % of total # of times the activity was listed as one of the top two drivers of 1) wasted time and 2) after hours or weekend work

| Activity | SIT (1-3 SRVs) | MIT/LIT (4-49 SRVs) | EIT (50+ SRVs) |
| --- | --- | --- | --- |
| 1. Updates, Patches, Hotfixes, Service Packs | 16.9% | 22.7% | 22.6% |
| 2. Application and SW Install / Upgrade | 9.1% | 7.3% | 11.4% |
| 3. Server – Management & Troubleshooting | 3.9% | 8.3% | 6.3% |

| Activity | SIT | MIT/LIT | EIT |
| --- | --- | --- | --- |
| 1. Updates, Patches, Hotfixes, Service Packs | 20.7% | 22.9% | 25.6% |
| 2. End User Support | 11.7% | 15.3% | 8.8% |
| 3. Communication / Meetings / Dealing with Corporate Issues | 2.7% | 2.1% | 8.4% |

By late 2004: Consolidation to 2 patch installers for W2k and later, SQL 2000, Office & Exchange 2003; all patches will behave the same way (update.exe, MSI 3.0)

Improved tools consistency
By mid-2004: Consistent results from MBSA, SUS, SMS, Windows Update (will all use SUS 2.0 engine for detection)

Reduce patch complexity

Reduce risk of patch deployment
Now: Increased internal testing; customer testing of patches before release
By mid-2004: Rollback capability for W2k generation products and later (MSI 3.0 patches)

Reduce downtime
Now: Continued focus on reducing reboots
By late 2004: 30% of critical updates on Windows Server 2003 SP1 installed w/o rebooting (“hot patching”)

Your Need
Our Response

Improve the Patching Experience
Patch Enhancements

Reduce patch size
By late 2004: Substantially smaller patches for W2k generation and later OS & applications (Delta patching technology, next generation patching installers)

Improved tools capabilities
May 2004: Microsoft Update (MU) hosts patches for W2k server, and over time SQL 2000, Office & Exchange 2003
By mid-2004: SUS 2.0 receives content from MU & adds capabilities for targeting, basic reporting and rollback

Patching Technologies – SUS 1.0

Internal Windows Update
Windows 2000 Professional, Windows 2000 Server, Windows XP, Windows Server 2003
For critical updates, security updates and service packs
Administrators maintain control over which items are published

Windows Update Services

Top Features Requested
Software Update Services 1.0 SP1
Windows Update Services

Support for service packs
Install on SBS and domain controller
Support for Office and other MS products
Support additional update content types
Update uninstall
Update targeting
Improve support for low bandwidth networks
Reduce amount of data that needs to be downloaded
Set polling frequency for downloading new updates
Minimize need for end user interruption
Emergency patch deployment (‘big red button’) *
Deploy update for ISV and custom apps
NT4 support

Global Education Program
TechNet Security Seminars
Monthly Security Webcasts
www.microsoft.com/events

New Prescriptive Guidance
Patterns and practices
How-to configure for security
How Microsoft Secures Microsoft

Online Community
Security Zone for IT Professionals

Authoritative Enterprise Security Guidance
http://www.microsoft.com/technet/security/bestprac.asp

Providing Guidance and Training
IT Professionals

Make customer more resilient to attack, even when patches are not installed
Help stop known & unknown vulnerabilities
Goal: Make 7 out of every 10 patches installable on your schedule

Beyond Patching

Windows XP SP2
Improved network protection
Safer email and Web browsing
Enhanced memory protection
RTM based on customer feedback

Windows Server 2003 SP1
Role-based security configuration
Inspected remote computers
Inspected internal environment
RTM H2 CY04

Delivering Security Technologies

Security technologies for clients

Security enhancements that protect computers, even without patches…included in Windows XP SP2; more to follow

Helps stop network-based attacks, malicious attachments and Web content, and buffer overruns

Network protection: Improved ICF, DCOM, RPC protection turned on by default
Safer browsing: Pop-up blocking, protection from accidental installation of potentially malicious Web content
Memory protection: Improved compiler checks to reduce stack overruns, hardware NX support
Safer email: Improved attachment blocking for Outlook Express and IM

What it is
What it does
Key Features

Securing the Server Platform

Windows Server 2003 – Secure by Default
IIS 6.0
Reduced Automatic Services
Smart card requirements for administrative operations
Limited use of blank passwords
Encrypting the offline files database
Software Restriction Policies
Internet Connection Firewall
IE Lockdown

Securing Active Directory
Delegation of administration
Security Policies
Software Restriction Policies
GPMC
What-If Scenarios
Import GPOs
Cross-Forest Kerberos Trust
Authentication Firewall
SID Filtering
Quotas
Security Guides

Security technologies for Enterprises

Only clients that meet corporate security standards can connect…included in Windows Server 2003 SP1; more to follow

Protects enterprise assets from infected computers

Role-based security configuration: Locks down servers for their specific task
Inspected remote computers and internal environment:
Enforce specific corporate security requirements such as patch level, AV signature level & firewall state
Ensure these standards are met when VPN and local wired or wireless connections are made

What it is
What it does
Key Features

Continue Improving Quality
Trustworthy Computing Release Process

M1
M2
Mn
Beta

Design
Development
Release
Support

Security Review
Each component team develops threat models, ensuring that design blocks applicable threats

Develop & Test
Apply security design & coding standards
Tools to eliminate code flaws (PREfix & PREfast)
Monitor & block new attack techniques

Security Push
Team-wide stand down
Threat model updates, code review, test & documentation scrub

Security Audit
Analysis against current threats
Internal & 3rd party penetration testing

Security Response
Fix newly discovered issues
Root cause analysis to proactively find and fix related vulnerabilities

Design docs & specifications
Development, testing & documentation
Product
Service Packs, QFEs

Critical or important vulnerabilities in the first…

3    6
…90 days    …180 days
8    21

TwC release?
Yes
No

For some widely-deployed, existing products:

Mandatory for all new products:

Continue Improving Quality

Bulletins since TwC release
Shipped July 2002, 16 months ago (as of Nov. 2003)
1
Bulletins in 16 month period prior to TwC release
6
Service Pack 3

Bulletins since TwC release
Shipped Jan. 2003, 10 months ago (as of Nov. 2003)
2
Service Pack 3
11
Bulletins in 10 month period prior to TwC release

Patch Investments
Extended Support for NT4 Server
Improved Patching Experience – Windows Update Services

Global Education Effort
500,000 customers trained by June 2004
New Security “Expert Zone”
PDC Security Symposium

Security Innovations
Security technologies for Windows client
Security technologies for Windows server

Commitment to Customers

H1 04
H2 04
Future
Today

Extended support
Monthly patch releases
Baseline guidance
Community Investments
Windows XP SP2
Patching enhancements
SMS 2003
Windows Update Services
Microsoft Update
Broad training
Windows Server 2003 SP1
Security technologies
Next generation inspection
NGSCB
Windows hardening
Continued OS-level security technologies

Lockdown servers, workstations and network infrastructure
Design and deploy a proactive patch management strategy
Centralize policy and access management

Resources

General
http://www.microsoft.com/security

Technical Resources for IT Professionals
http://www.microsoft.com/technet/security

Best Practices for Defense in Depth
http://www.microsoft.com/technet/security/bestprac.asp

How Microsoft Secures Microsoft
http://www.microsoft.com/technet/itsolutions/msit/security/mssecbp.asp

MSDN Security Development Tools
http://msdn.microsoft.com/security/downloads/tools/default.aspx

© 2003 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

Resources
Enterprise Security Guidance

Design and Deploy a Proactive Patch Management Strategy
Microsoft Guide to Security Patch Management: http://www.microsoft.com/technet/security/topics/patch

Lockdown Servers, Workstations and Network Infrastructure
Microsoft Windows XP Security Guide Overview - http://www.microsoft.com/technet/security/prodtech/winclnt/secwinxp/default.asp
Threats and Countermeasures Guides for Windows Server 2003 and Windows XP: http://www.microsoft.com/technet/security/topics/hardsys/TCG/TCGCH00.asp
Windows Server 2003 Security: http://www.microsoft.com/technet/security/prodtech/win2003/w2003hg/sgch00.asp
Securing your Network: http://msdn.microsoft.com/en-us/dnnetsec/html/THCMCh15.asp
Perimeter Firewall Service Design: http://www.microsoft.com/technet/itsolutions/msa/msa20ik/VMHTMLPages/VMHtm57.asp
Network Access Quarantine for Windows Server 2003: http://www.microsoft.com/windowsserver2003/techinfo/overview/quarantine.mspx

Centralize Policy and Access Management
Microsoft Identity and Access Management Solution: http://www.microsoft.com/technet/security/topics/identity/idmanage
Architecture, Deployment, and Management: http://www.microsoft.com/technet/security/topics/architec

Continue Improving Quality
Making Progress

.NET Framework (for 2002 & 2003)
ASP.NET (for 2002 & 2003)
Biztalk Server 2002 SP1
Commerce Server 2000 SP4
Commerce Server 2002 SP1
Content Management Server 2002
Exchange Server 2003
Host Integration Server 2002
Identity Integration Server 2003
Live Communications Server 2003
MapPoint.NET

Office 2003
Rights Mgmt Client & Server 1.0
Services For Unix 3.0
SQL Server 2000 SP3
Visual Studio .NET 2002
Visual Studio .NET 2003
Virtual PC
Virtual Server
Windows CE (Magneto)
Windows Server 2003
Windows Server 2003 ADAM

23 Products In the TwC Release Process

| Rating | Definition | Customer Action |
| --- | --- | --- |
| Critical | Exploitation could allow the propagation of an Internet worm such as Code Red or Nimda without user action | Apply the patch or workaround immediately |
| Important | Exploitation could result in compromise of the confidentiality, integrity, or availability of users’ data, or of the integrity or availability of processing resources | Apply patch or workaround as soon as is feasible |
| Moderate | Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, need for user action, or difficulty of exploitation | Evaluate bulletin, determine applicability, proceed as appropriate |
| Low | Exploitation is extremely difficult, or impact is minimal | Consider applying the patch at the next scheduled update interval |

Revised November 2002

More information at http://www.microsoft.com/technet/security/policy/rating.asp

Improving Patching Experience
Security Bulletin Severity Rating System

Free Security Bulletin Subscription Service
http://www.microsoft.com/technet/security/bulletin/notify.asp

The Forensics of a Virus

July 1: Vulnerability reported to us / Patch in progress
July 16: Bulletin & patch available / No exploit
July 25: Exploit code in public
Aug 11: Worm in the world

Report
Vulnerability in RPC/DCOM reported
MS activated highest level emergency response process

Bulletin
MS03-026 delivered to customers (7/16/03)
Continued outreach to analysts, press, community, partners, government agencies

Exploit
X-focus (Chinese group) published exploit tool
MS heightened efforts to get information to customers

Worm
Blaster worm discovered – variants and other viruses hit simultaneously (i.e. “SoBig”)

Blaster shows the complex interplay between security researchers, software companies, and hackers

Malicious Web content
Buffer overrun attacks
Port-based attacks
Malicious e-mail attachments

Client Attack Vectors

Potentially infected remote client
Potentially infected local client

Enterprise Attack Vectors

Available Now
17 prescriptive books
How Microsoft secures Microsoft

Later this year and throughout 2004
More prescriptive & how-to guides
Tools & scripts to automate common tasks
Focused on operating a secure environment
Patterns & practices for defense in depth
Enterprise security checklist – the single place for authoritative security guidance

Security Guidance for IT Pros