Forefront Client Security Deployment Tool on CodePlex

Just ran across this and thought I’d share…

==================

The Forefront Client Security Deployment Tool is a free toolkit that is meant to provide additional deployment capabilities in addition to those who are available with the RTM Version of FCS . This tool gives network and security administrators the ability to scan their network and/or AD, discover existing solutions that are already installed on their clients, uninstall the existing solution and install FCS Client – all in one.

Home: http://www.codeplex.com/fcscompete

Files: http://www.codeplex.com/fcscompete/Release/ProjectReleases.aspx

Microsoft Security Advisory (954474) – affects ConfigMgr 2007

System Center Configuration Manager 2007 Blocked from Deploying Security Updates

Microsoft is investigating public reports of a non-security issue that affects environments with System Center Configuration Manager 2007 that deploy updates to Systems Management Services (SMS) 2003 clients. Microsoft is aware of reports from customers who are experiencing this issue.

Upon completion of the investigation, Microsoft will take the appropriate action to resolve the problem within System Center Configuration Manager 2007.

Mitigating Factors:

• This issue impacts customers using System Center Configuration Manager 2007 servers to deploy updates to SMS 2003 clients.

 

Read the full Advisory…

http://www.microsoft.com/technet/security/advisory/954474.mspx

Microsoft Forefront Integration Kit for Network Access Protection (NAP) released

Source: Forefront Client Security Team Blog

The Forefront Client Security team is pleased to announce the public availability of the Microsoft Forefront Integration Kit for Network Access Protection (NAP)!

NAP is a technology provided with Windows Server 2008, and works with Vista and Windows XP with Service Pack 3. With NAP, you can restrict network access based on the computer’s compliance with your corporate security policy. Computers out of compliance can be prevented from accessing the network until they have remediated the items out of compliance.

For more information about the Integration Kit, including features and customer stories, see the  Solution Accelerators blog (http://blogs.technet.com/secguide/default.aspx), and the Solution Accelerators TechNet site (http://technet.microsoft.com/en-us/library/cc512112.aspx). To download the Integration Kit, see the Microsoft Download center.

Microsoft releases the Security Compliance Management toolkit for ConfigMgr 2007

The toolkit provides best practices from Microsoft about how to plan, deploy, monitor, and remediate a security baseline. The toolkit includes 12 Configuration Packs that you can use with the desired configuration management (DCM) feature in Microsoft® System Center Configuration Manager 2007 to monitor Windows Vista®, Windows® XP Service Pack 2 (SP2), and Windows Server® 2003 SP2.

The toolkit also offers a proven method that your organization can use to effectively monitor the compliance state of recommended security baselines for Windows Vista®, Windows® XP Service Pack 2 (SP2), and Windows Server® 2003 SP2. You can monitor computers running these operating systems using the desired configuration management (DCM) feature in Microsoft® System Center Configuration Manager 2007 with the Configuration Packs the toolkit provides. In addition, you can quickly and easily run reports to demonstrate how your organization is meeting important compliance regulations.
The Security Compliance Management toolkit includes the following components:

  • Security Compliance Management Overview.docx: This document describes the overall security compliance management process and the steps that the toolkit recommends to achieve security compliance using prescribed security baselines.
  • DCM Configuration Pack User Guide.docx: This user guide describes how to load and operate the Configuration Packs in the desired configuration management (DCM) feature of System Center Configuration Manager 2007.
  • SecurityComplianceManagement.msi: This Microsoft Windows Installer (.msi) file includes 12 Configuration Packs to provide security baseline checks for Windows Vista, Windows XP SP2, and Windows Server 2003 SP2.
  • Informational Materials.zip: The materials include a Security Compliance Management Data Sheet and a FAQ that explain how the guidance for the toolkit can benefit your organization.

To view this accelerator online at TechNet click here.

Send questions or feedback to us directly at secwish@microsoft.com

Secure Vantage ACS Administrators Quick Reference

Secure Vantage graciously released this quick reference guide to the myITforum.com community.

You can download the guide at this link:

http://myitforum.com/cs2/files/folders/security/entry118223.aspx

What is ACS?

Secure Vantage Technologies has launched a series of solutions that leverage the enhanced monitoring capabilities of Operations Manager 2007 and Audit Collection Services. With Audit Collection and the new MOM service-oriented monitoring structure, Secure Vantage has vastly improved current product offerings in the Windows Server Security market. They continue to work closely with Microsoft to deliver Compliance Security Solutions designed for Operations Manager 2007 and ACS.

Check it out…

http://www.securevantage.com/Products/Audit_Collection.aspx

Early Warning: 7 patches from Microsoft for June 2008

Microsoft Security Bulletin Advance Notification for June 2008

http://www.microsoft.com/technet/security/bulletin/ms08-jun.mspx?pf=true

3 Critical

Bulletin Identifier
Bluetooth Bulletin

Maximum Severity Rating

Critical

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.

Affected Software

Microsoft Windows. For more information, see the Affected Software section.

Bulletin Identifier
Internet Explorer Bulletin

Maximum Severity Rating

Critical

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.

Affected Software

Microsoft Windows, Internet Explorer. For more information, see the Affected Software section.

Bulletin Identifier
DirectX Bulletin

Maximum Severity Rating

Critical

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.

Affected Software

Microsoft Windows. For more information, see the Affected Software section.

 

3 Important

Bulletin Identifier
WINS Bulletin

Maximum Severity Rating

Important

Impact of Vulnerability

Elevation of Privilege

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.

Affected Software

Microsoft Windows. For more information, see the Affected Software section.

Bulletin Identifier
Active Directory Bulletin

Maximum Severity Rating

Important

Impact of Vulnerability

Denial of Service

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.

Affected Software

Microsoft Windows. For more information, see the Affected Software section.

Bulletin Identifier
PGM Bulletin

Maximum Severity Rating

Important

Impact of Vulnerability

Denial of Service

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.

Affected Software

Microsoft Windows. For more information, see the Affected Software section.

 

– and –

1 Moderate

Bulletin Identifier
Kill Bit Bulletin

Maximum Severity Rating

Moderate

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.

Affected Software

Microsoft Windows. For more information, see the Affected Software section.