If you need some help figuring out which Titan best suits you, you have to check out the “Titanfall” Personality Test. You can take the written portion of the Full Combat Certification exam to find the Titan that matches your style of play.

At the end of the test, you’ll receive a customized badge with your name and designated Titan class that you can share on the Xbox Facebook page or with @Xbox on Twitter.

Head over to Xbox Wire to find out more about the personality test.

You might also be interested in:

• “Titanfall” now available on Xbox One
• Video: “Titanfall” launch party at SXSW
• Video: Tackle “Titanfall” with these tips and tricks
  

Athima Chansanchai
Microsoft News Center Staff

Microsoft has released an update for Microsoft Lync 2013. This update provides the latest fixes for Lync 2013. This update version is 15.0.4569.1508.

http://support.microsoft.com/kb/2863908/en-us

Prerequisites

To install this Lync 2013 update, make sure that the following updates are installed.

For more information about how to download these packages, click the following article number to view the article in the Microsoft Knowledge Base:

• 2727096 - Description of the Office 2013 update: August 13, 2013
• 2817624 - Description of the Office 2013 update: September 10, 2013
• 2817626 - Description of the Office 2013 update: September 10, 2013

How to obtain and install the update

The following file is available for download from the Microsoft Download Center:

32-bit

Download the 32-bit Lyncloc update package now.

64-bit

Download the 64-bit Lyncloc update package now.

American women, on average, earn 77 cents for every dollar that men make, as cited by President Obama. That’s the prevailing ratio when discussing the national wage gap and the still-solid glass ceiling. Our gut reaction is to scream “gender inequity!” but taking a closer look at how the demands of family life (e.g., children) incur different demands on men and women, we get a more accurate picture of why this ratio endures. In fields where women make up half (or more) of the talent pool, this gap is narrow to non-existent. Today, there’s an opportunity for women to join the growing business and STEM workforce. This could also be an opportunity to narrow the wage gap.

25 years of gains and hang-ups

In the 1980s, the national wage gap narrowed from 60.2 cents for every $1 in 1980 to 71.6 cents in 1990. By comparison, this ratio has barely budged in the last decade. Before diving into the possible causes of stagnation, however, we should consider how these numbers are obtained.

When we say, “women earn 77 cents for every dollar men make,” it doesn’t mean that a man and woman standing side-by-side, doing the same work will earn, respectively, one dollar and 77 cents for their efforts.  Rather, it means that the median earnings of full-time female workers is 77 percent of the median earnings of full-time male workers. It doesn't speak to any other factors that determine pay, such as the type of job, education, experience, or hours worked.

Workplace inefficiencies = gender inequity

In this paper, labor economists analyze and compare the career outcomes of MBAs who graduated between 1990 and 2006 from top US business schools. They found that although male and female MBAs have nearly identical incomes at the outset of their careers, their earnings soon diverge, with men earning more (annually) as soon as 10 years after MBA completion.

This divergence is largely because of differences in career interruptions and weekly hours worked. In general, women were found to have more career interruptions and work shorter hours (including more part-time and self-employed work)—the main reason being children. Although these interruptions may not seem significant at the time, for women with children, it adds up to about an eight-month deficit in actual post-MBA experience compared with men. Similarly, women with children typically work 24 percent fewer weekly hours than the average male.

According to these findings, it’s the workplace that’s discriminating against women—but could it change?

Power in numbers

According to the study, “a tipping point may have been reached in fields where women have become a majority (or nearly the majority) of the young talent (such as medicine, veterinary medicine, optometry, pharmacy, and accounting).” In other words, career interruptions and the amount of hours worked had less of an impact in fields where there is a “larger share (or critical mass) of women in the talent pool.”

Although this is not yet the case for MBAs and the business and financial sectors there’s a growing opportunity in these professions as well as in science, technology, engineering, and mathematics (STEM) careers. It’s estimated that by 2020 that there will be 1.4 million programming jobs available in the United States. Right now, four of the 20 top-paying jobs for women are in computing, a field in which only about 25 percent of workers are female. Soon there will be a shortage, a need, and (above all) an opportunity for women to break into these fields in large numbers.

When it comes to the gender wage gap, numbers do make a difference. Having more women in top-paying, business and STEM careers can help transform the workplace and equalize those measures that determine pay grade. The next question is: how do we turn this opportunity into action?

The Keynote and videos (featuring Canadian MVPs!) from last week's SharePoint Conference in Las Vegas: http://channel9.msdn.com/Events/SharePoint-Conference/2014

2014年 3 月 12 日 (日本時間)、マイクロソフトは計 5 件 (緊急 2 件、重要 3 件) の新規セキュリティ情報を公開しました。新規セキュリティ情報を公開すると共に、既存のセキュリティ アドバイザリ 2 件の更新を行いました。なお、今月の「悪意のあるソフトウェアの削除ツール」では、新たに確認した 2 種類のマルウェアに対応しています。

お客様はできるだけ早期に、今月公開のセキュリティ更新プログラムを適用するようお願いします。企業のお客様で適用に優先付けが必要な場合は、MS14-012 (Internet Explorer) のセキュリティ更新プログラムを優先的に適用することを推奨いたします。この更新プログラムはマイクロソフト セキュリティ アドバイザリ 2934088「Internet Explorer の脆弱性により、リモートでコードが実行される」で説明した脆弱性に対応したものです。

■ 既存のセキュリティ アドバイザリの更新 (2 件)

• セキュリティ アドバイザリ 2934088「Internet Explorer の脆弱性により、リモートでコードが実行される」
  セキュリティ情報 MS14-012 (Internet Explorer) を公開し、本脆弱性に対処したセキュリティ更新プログラムを公開しました。

• セキュリティ アドバイザリ 2755801「Internet Explorer 上の Adobe Flash Player の脆弱性に対応する更新プログラム」
  Adobe セキュリティ速報 APSB14-08で説明している脆弱性を解決する更新プログラム 2938527 を公開しました。

  ■2014年 3月のセキュリティ情報一覧
  各セキュリティ情報の概要、各脆弱性の悪用可能性指標 (Exploitability Index)、更新プログラムのダウンロード先などがご覧いただけます。
  http://technet.microsoft.com/ja-jp/security/bulletin/ms14-Mar

  マイクロソフトは新たに確認した脆弱性について、次の 5 件の新しいセキュリティ情報を公開しました。

■最新のセキュリティ情報を動画と音声でまとめて確認
マイクロソフト セキュリティ レスポンス チームが IT プロの皆さまに向けて、短時間で最新のセキュリティ更新プログラムの知りたいポイントを動画と音声でご紹介する今月のマイクロソフトワンポイントセキュリティ情報は本日午後公開予定です。ご視聴いただくことで、最新のセキュリティ更新プログラムの適用優先度や再起動・回避策の有無、確認している既知の問題などをまとめて入手できます。Web キャスト公開後に、こちらのブログでもお知らせします。

■Windows XPとOffice 2003のサポート終了について

2014 年 4 月 8 日 (火) (米国時間) に Windows XP と Office 2003 のサポートが終了となります。Windows XPのサポート終了についてWindows XP上でポップアップでも通知される予定です (詳細はこちら)。ぜひ以下のセキュリティ リスクをご確認いただき、まだの方は移行をご検討ください。

• Windows XP サポート終了後のセキュリティ～ マルウェア感染率が示すリスク

• サポート終了後の Windows XP、マルウェア対策ソフトが動いていれば安心？

• サポート終了後のセキュリティ～ネットに接続しなければ大丈夫？

• サポート終了後のセキュリティ～危険なサイトにアクセスしなければ大丈夫？

• サポート終了後のセキュリティ～重要な情報は保存していないから大丈夫 ?

• Windows XP 上でなければ Office 2003 を使い続けても安全？

Esse alerta tem por objetivo fornecer uma visão geral dos novos boletins de segurança disponibilizados em 11 de março de 2014.Novos boletins de segurança são disponibilizados mensalmente para tratar vulnerabilidades críticas de nossos produtos.

A Microsoft está disponibilizando cinco novos boletins de segurança para vulnerabilidades recém-descobertas:

Os sumários dos novos boletins podem ser encontrados em http://technet.microsoft.com/pt-br/security/bulletin/MS14-mar.

A Microsoft relançou um comunicado de segurança em 11 de março de 2014. Confira a seguir uma visão geral sobre esse comunicado de segurança:

• A Microsoft está lançando uma versão atualizada da Ferramenta de Remoção de Software Mal-Intencionado no Windows Server Update Services (WSUS), Windows Update (WU) e no Centro de Download. Informações sobre a Ferramenta de Remoção de Software Mal-Intencionado estão disponíveis em http://support.microsoft.com/?kbid=890830.

   

• Atualizações de alta prioridade Microsoft não relacionadas à segurança estarão disponíveis no Microsoft Update (MU), Windows Update (WU) ou Windows Server Update Services (WSUS) e serão detalhadas no artigo do KB em http://support.microsoft.com/?id=894199.

A Microsoft realizará um webcast para responder a perguntas de clientes sobre estes boletins:

Título: Informações sobre boletins de segurança Microsoft de Março (nível 200)

EM PORTUGUÊS

Data: Quinta-feira, 13 de março de 2014, 15:30hrs horário de Brasília

URL:https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032575579&culture=pt-BR

EM INGLÊS

Data: Quarta-feira, 12 de março de 2014, 11:00hrs Horário do Pacífico - 15:00hrs horário de Brasília

URL:https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032572977

Nas tabelas de softwares afetados e não afetados a seguir, as edições de software não listadas já encerraram seus ciclos de vida de suporte. Para determinar o ciclo de vida do suporte de seu produto e edição, visite o site de Ciclo de Vida de Suporte Microsoft emhttp://support.microsoft.com/lifecycle/.

Fornecemos a você informações precisas de forma estática (neste e-mail) e dinâmica (na Web). O conteúdo de segurança da Microsoft publicado na Web é atualizado ocasionalmente para refletir informações alteradas. Se os resultados forem inconsistentes entre a informação desta mensagem e a informação no conteúdo de segurança do site da Microsoft, a informação do site deve ser considerada a autoritativa/correta.

Se você tiver qualquer dúvida sobre este alerta entre em contato com seu gerente de contas técnico.

Atenciosamente,

Equipe de segurança Microsoft CSS

Esta alerta es para ofrecerle una descripción general de los nuevos boletines de seguridad publicados el 11 de marzo de 2014.Los boletines de seguridad se publican mensualmente para resolver las vulnerabilidades de problemas críticos.

Microsoft publica los siguientes cinco boletines de seguridad para vulnerabilidades recientemente descubiertas:

Los resúmenes para nuevos boletines se pueden encontrar en http://technet.microsoft.com/security/bulletin/MS14-mar.

Microsoft volvió a publicar un aviso de seguridad el 11 de marzo de 2014. Esta es una descripción general de este aviso de seguridad que se volvió a publicar:

• Microsoft libera una versión actualizada de la Herramienta de eliminación de software malintencionado en Microsoft Windows en Windows Server Update Services (WSUS), Windows Update (WU) y el Centro de descargas. La información sobre la Herramienta de eliminación de software malicioso en Microsoft Windows está disponible en http://support.microsoft.com/?kbid=890830.

   

• Las actualizaciones de Microsoft no relacionadas con seguridad de alta prioridad que estarán disponibles en Microsoft Update (MU), Windows Update (WU) o Windows Server Update Services (WSUS) se detallan en el artículo de KB encontrado en http://support.microsoft.com/?id=894199.

Microsoft realizará una transmisión Web para abordar las preguntas de los clientes sobre estos boletines:

Cargo: Información sobre los Boletines de seguridad de Microsoft de marzo (Nivel 200)

Fecha: Miércoles, 12 de marzo de 2014, 11:00 a.m., hora del Pacífico (EE.UU. y Canadá).

URL:https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032572977

En las siguientes tablas de software afectado y no afectado, las ediciones de software que no están en la lista han expirado su ciclo de vida de soporte. Para determinar el ciclo de vida de soporte de su producto y edición, visite el sitio Web del Ciclo de vida del soporte de Microsoft en  http://support.microsoft.com/lifecycle/.

Nos esforzamos por proporcionarle información precisa en contenidos estáticos (este correo) y dinámicos (basados en la Web). Ocasionalmente se actualiza el contenido de seguridad de Microsoft colocado en la Web para reflejar la información más reciente. Si esto resulta en una inconsistencia entre la información en este documento y la información en los contenidos de seguridad basados en la Web de Microsoft, éstos últimos prevalecerán.

Si tiene alguna pregunta sobre esta alerta, póngase en contacto con su Gerente Técnico de la cuenta.

Gracias,

Microsoft CSS Security Team

Merhaba arkadaşlar,

Bu Çarşamba gününde sizlere kısa ve öz bir şekilde bir wiki özelliğinden bahsetmek istiyorum. Makalelerimizde çok fazla tablo kullanmadığımızın farkına vardım ve acaba blog postlarında tablo kullanımını nasıl artırabiliriz diye düşündüm ve tabloyu incelemeye başladım. Bugün tablo üzerinde hazır Css Class Layout'ler nasıl kullanılır bu kısmı anlatacağım. 

Tablo oluşturmak için aşağıdaki resimde işaretli bölümü tıklayarak oluşturmak istediğiniz tablo satır sütün sayısına göre bir tablo oluşturabilirsiniz.  

Oluşturduğunuz tablomuzu seçip sağ tuşa basalım ve Set Cell Properties ise tablo özelliklerine erişebiliriz.

Tablo özelliklerinde Table Properties tabına erişitiğimizde aşağıdaki resimdeki gibi sağ taraftaki bölümde işaretlediğim bölümdeki CSS Layout'lardan birisini seçerek tablonuzu görsel olarak daha hoş bir duruma getirebilirsiniz.

Aşağıdaki resimdeki gibi seçmiş olduğunuz CSS Layout'un tablonuza uygulanmış halini hemen alttaki Preview bölümünde görebilirsiniz.

İçerisinde tablo ve tablolar kullandığınız blog postlarınızın tags bölümüne has table tag'ini eklemeyi unutmayınız.

Makalelerinizde daha çok tablo ve tablolar kullanmanız dileklerimle.

The Kinect for Windows team turned to James Ashley, a leader in developing with Kinect for Windows and a Microsoft Most Valuable Professional (MVP,) for a Q&A on his experiences with the preview sensor. He has been in the Developer Preview program for three months and he had some advice for other Kinect for Windows developers.

Ashley, who has also blogged about Kinect for Windows v2, answered questions about the “cool things” he’s been doing with the sensor and SDK, features he’s used and what he’s heard from other developers.

He responds with example from the National Retail Federation, where he and the Windows 8 team created an instant retail store. Also, “We used the Kinect for Windows v2 sensor and SDK to drive an interactive soccer game built in Unity’s 3D toolset, in which 3D soccer avatars were controlled by the player's full body movements: when you won a game, a signal was sent by using Arduino components to drop a drink from a vending machine.”

He’s heard “a lot of really great feedback” and advises Kinect for Windows v2 sesnor developers to be “willing to feel stupid again for about six months,” in terms of being open to trying new things. “At the end of that time, you'll be glad you made the effort.”

Head over to the Kinect for Windows Blog to see the rest of Ashley’s answers and check out the video above, too.

You might also be interested in:

• “Titanfall” now available on Xbox One
• Get work done faster with “Oslo” – the next-generation search and discovery tool in Office 365
• 8-year-old creates Kids Zone app using Windows Phone App Studio
  

Athima Chansanchai
Microsoft News Center Staff

This post is in response to a question I get pretty frequently when talking about Yammer.  The question that many folks want to know is "how can I crawl my Yammer content from SharePoint?"  Well, unfortunately you can't, and I have no trick up my sleeve to show you otherwise today to say otherwise.  However, that doesn't mean that you can't have a nice consolidated set of search results that includes content from both Yammer and SharePoint, and that's the point of today's post.  By the way, this code sample is based on a demo that I showed at the 2014 SharePoint Conference, so for those of you that were looking for some of that code, here you go.

As I've mentioned many times when talking to folks about Yammer development, there is a number of REST endpoints for your programming pleasure.  After mentioning this in about three different venues I decided it would just be easier to write something up to demonstrate and that's exactly what I did.  What we'll walk through today is the specific implementation that I used for this case.  So to begin with, let's look at my out of the box search results page when I do a search for products.  Because of the incredibly bad way in which this blog site deals with pictures, I'm just going to give you a link to the picture here; CTRL + Click to open it in a new browser tab:  https://onedrive.live.com/?cid=96D1F7C6A8655C41&id=96D1F7C6A8655C41%217884&v=3&mkt=en-US#cid=96D1F7C6A8655C41&id=96D1F7C6A8655C41%217885&v=3.

Okay, so I've previously posted about using the Yammer REST endpoints from .NET.  For this example I simply built out from that sample code, as I've been suggesting all of you do when you find something else you need to code for that it does not cover.  You can find that original post and sample code at http://blogs.technet.com/b/speschka/archive/2013/10/05/using-the-yammer-api-in-a-net-client-application.aspx.  With that in hand, I decided to write my own REST endpoint for this example.  So why did I decide to do that?

• I wanted to demonstrate the use of the new CORS support in WebAPI 2.1.  This allows me to define what hosts can make cross-domain calls into my REST endpoint to query for Yammer data.  That gives me an additional layer of security, plus it now lets me make those client-side cross domain calls to my endpoint.
• I wanted to have something that delivered HTML as the result.  That allows me to ensure that anyone querying Yammer gets the same exact user experience no matter what application they are using.
• I wanted to have something that could be reused in many different applications - could be other web apps, could be Windows 8 apps, could be mobile apps, whatever - with a simple REST endpoint there's no end to the possible reuse.
• In my scenario, I wanted to be able to issue queries against Yammer even for people that didn't have Yammer accounts.  So in this scenario what I did was to use a service account to make all the query requests.  By "service account", I just mean I created an account in Yammer whose only purpose in life is to provided me with an access token that I can use to programmatically read or write content with Yammer.  For more details about access tokens in Yammer please see my initial post on this topic that I linked to above.

So with that being said, I started out by adding all the custom classes for serializing Yammer JSON data to my project, along with my code for making GET and POST requests to Yammer (as described in the original blog post).

The next thing I did was build a little console app to test out sending in a query to Yammer and getting back a set of search results.  I do that to a) get down the process for issuing the query and b) getting the JSON back so I can build out a new class into which I can serialize the set of search results.  I've attached some source code to this posting, so you can find the YammerSearchResults class and see how I incorporated that into the project.  I'll also look at it in a little more detail later in this post.

Once I had all of that foundational pieces in place, I created my new WebAPI endpoint.  There are many places out on the web where you can get your WebAPI info; for me I used the example from Mike Wasson here as my starting point for learning everything I needed for this project:  http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api.  With my new WebAPI controller class created, I next enabled CORS support in my project by adding this to the WebApiConfig.cs file (in the App_Start folder)

//enable cross site requests

config.EnableCors();

Now that my project supports CORS, I need to flesh out the where and how for supporting it.  To do that I added this attribute to the WebAPI controller class:

[EnableCors(origins: "http://localhost:1629,https://saml.vbtoys.com,https://sps2", headers: "*", methods: "*")]

So the main things worth pointing out here are that I added a list of hosts that I trust in the origins attribute.  The "localhost:1629" reference is in there because that's the web dev server that Visual Studio created for a test web application project I created.  I used that to test the functionality of the REST endpoint in just a standard HTML page before I ever tried to incorporate it into SharePoint.  The saml.vbtoys.com and sps2 hosts are ones that I use for SharePoint provider-hosted apps and SharePoint respectively.  So that allows me to use it both in my provider-hosted apps as well as SharePoint itself.  Finally the headers and methods attributes are configured to allow all headers and methods through.

The next thing I did was create the method in my WebAPI controller that I use to execute the query against Yammer and return results.  The method signature for it looks like this:

// GET api/<controller>?search=steve%20peschka

publicHttpResponseMessage Get(string search)

So as you can see, I'm going to take a string as input - my search string - and I'm going to return an HttpResponseMessage.  Inside my method, the code should look quite familiar if you have seen my original post on Yammer dev with .NET - I'm just using my MakeGetRequest and GetInstanceFromJson methods:

List<SearchResult> finds = newList<SearchResult>();

string response = YammerREST.MakeGetRequest(searchUrl + "?search=" + search, accessToken);

YammerSearchResults ysr = YammerSearchResults.GetInstanceFromJson(response);

The "searchUrl" is just the standard Yammer REST endpoint for search, and the "accessToken" is the access token I got for my Yammer service account.  Okay, so I got my set of search results back, but one of the first things I noticed is that the search results that are returned include very little information about the user - basically just a Yammer User ID.  Of course, I not only wanted to show the author information, but I also wanted to show the picture of the Yammer user.  This unfortunately does require making another call out to REST to get this information.  In my particular scenario, I only wanted to show the top 3 results from Yammer, so what I did was simply enumerate through the results and get that user information for each one. 

One of the nice things I was able to do with the YammerSearchResults class that I created for this is I was able to reuse the YammerMessages class that I had created in my original posting.  So my search results include a collection of messages (where each message is a message that matches the search criteria), so I can simply use that code from before to enumerate through the results.  This is what that looks like:

foreach(YammerMessage ym in ysr.Messages.Messages)

{

//get the Yammer User that posted each message so we can pull in their picture url

string userUrl = oneUserUrl.Replace("[:id]", ym.SenderID);

response = YammerREST.MakeGetRequest(userUrl, accessToken);

         YammerUser yu = YammerUser.GetInstanceFromJson(response);

//some other stuff here I'll describe next

}

While I'm enumerating through the messages in the search results, I go ahead and make another call out to get the information I want for each user.  Again, I'm able to use the MakeGetRequest and GetInstanceFromJson methods I described in my original post.  With that in hand, I can go ahead and create the dataset I'm going to use to generate the HTML of search results.  In order to do that, I created a local class definition in my controller and a List<> of that class type.  With those pieces in place I can create one record for each search result that includes both the search result information as well as the user information.  My List<> is called "finds" and the code for pulling this all together looks like this (and goes in the enumeration loop above, where it says "some other stuff I'll describe next"):

//add a new search results

finds.Add(newSearchResult(yu.FullName, yu.WebUrl, yu.FirstName,

ym.MessageContent.RichText, yu.PhotoUrl, DateTime.Parse(ym.CreatedAt),

ym.WebUrl));

iCount += 1;

if (iCount == 3)

break;

As you can see, I'm plugging in the message from the search result with "ym.MessageContent.RichText", and all of the rest of the fields are information about the user.  Now that I have my list of search results, the rest of the WebAPI controller method is kind of boring.  I just create a big long string in a StringBuilder instance, I add some style info and then I add HTML for each search result.  I then take the results of the big long string and stick it in an HttpResponseMessage to return, like this:

newHttpResponseMessage()

{

                Content = newStringContent(results),

                StatusCode = System.Net.HttpStatusCode.OK

};

Shaboom, and there you go.  Now, perhaps the best part of all of this is on the SharePoint side.  What I decided to do there was to create a new Search vertical.  All that really means is that I added a new search results page to the Pages library in an Enterprise Search site collection.  You then add a new search navigation item in the search settings for the site, and you point that navigation item at the page you added.  Then you go and customize the page to return whatever search results you want.  I'm not covering this in super detail here obviously because it's not really on point with this topic, but it should be relatively easy to find on the web.  If not, say so in the comments and we can always cover that in another blog post.

But...I created my new search vertical and then the changes I made to it were pretty simple.  First, I just plugged in the out of the box search results web parts onto it.  Then, I added an out of the box script editor web part above those.  This is really the beauty of this solution to me - I didn't have to create anything custom in SharePoint at all.  Since it's all just client side script and code, I didn't write a custom web part for SharePoint - I just created my script and pasted it into the out of the box web part.  To complete this story, I would LOVE to paste in here the HTML and javascript that I use in the script editor web part to make this all work.  However, it is completely unusable when pasted into the awesome blog editing tools on this site <sarcasm>.  So instead you'll have to get the attachment to see it - just look for the text file called SharePoint Script Part Snippet.txt.

Now, with all that done, you can click here to see what the final results look here:

https://onedrive.live.com/?gologin=1&mkt=en-US#cid=96D1F7C6A8655C41&id=96D1F7C6A8655C41%217884&v=3

Note that in my particular case I chose to only show search results that were from messages.  You could have just as easily shown search results for people, files, etc.  Also I configured links on the search results so that you can click on any one of them to view the conversation in Yammer.  I also included a link with a "more search results" kind of functionality, and when you click on it a new browser tab opens with the search results page in Yammer, using the query terms that were entered on the page.  So it lets you slide over very easily into Yammer to get the full search experience that it provides too.

Also - as a side note - someone else at SPC mentioned that they took a similar approach but chose to return the results in an OpenSearch compliant Xml format so that it could be added as a federated search result.  That didn't fit my particular scenario, but it's an interesting take on things so I'm including it here for your consideration.  Nice work person that made this comment.  :-)  

O prêmio TechNet Wiki Day de fevereiro foi um dos mais disputados dos últimos meses. Conheça agora o vencedor da maior premiação do TechNet Wiki (pt-BR).

Leia mais em: http://blogs.technet.com/b/wikininjasbr/archive/2014/03/11/ter-231-a-feira-artigo-spotlight-vencedores-do-technet-wiki-day-fevereiro-2014.aspx

こんにちは。Windows Intune Support の及川です。

今回は、デバイス用グループの作成方法についてご案内します。Windows Intune では主にデバイスに対し、タスク (更新プログラム、ソフトウェア、ポリシーなど) の展開を行います。必要に応じて細やかなグループ分けを行うことにより、要件に応じたタスクの管理を行えます。デバイス グループ使用によるメリットを含め、以下よりデバイス グループに関する 3 つの点をご案内いたします。

(※ 必ずしもグループ作成が必要というわけではございません。タスクの展開において、[すべてのデバイス] を選択し、全てのデバイスへ同じタイミング、タスクを展開することができます。)

1. グループ使用のメリット

2. グループ体系の種類

3. グループ作成手順

================================

1. デバイス グループ使用によるメリット

================================

メリット 1: デバイス グループごとに管理を行うことで、異なる内容のタスクを、異なるタイミングで展開できます。

メリット 2: デバイス グループ別にレポートを表示することができます。

メリット 3: デバイス グループにて、デバイスを部署、地域などで分類管理を行うことで、企業内でその他の管理目的のためにグループを使用することができます。

上記メリットを基に、デバイス グループを準備する際に必要となる、グループの体系づくりについて、以下 2. にてご案内いたします。

==========================

2. デバイス グループ体系の種類

==========================

デバイス グループは、主に以下のとおり、1) 並列のデバイス グループ、または 2) 階層別のデバイス グループの 2 つ体系で管理を行うことができます。

1) 並列のデバイス グループ

************************************

各デバイス グループに対し、異なるタスクを展開する場合、以下のように並列のグループを作成し、管理を行います。

[並列のデバイス グループ作成イメージ例]

2) 階層別のデバイス グループ

*************************************

2 - a ) 親グループと子グループの管理

親グループを基に子グループを作成します。

親グループへ全般的なタスクを展開し、別途追加で子グループ  (2 - a) へ更新プログラムやソフトウェアを適用できるようにします。本ブログでは、自動で新規の端末が親 (メイン) グループ配下へ設定されるようにし、デフォルトで展開しているポリシーなどが自動で適用される手順をご案内します。

2 - b) 親グル‐プ配下に属さない、別グループ (例: テスト専用グループ) の管理

親グループとは全く異なるタスクを、本グループ (2 - b) へ適用できるようにします。

[階層別のデバイス グループ作成イメージ例]

以下 3. より、1) 並列のデバイス グループ、2) 階層別のデバイス グループの作成手順をご案内いたします。

=================

3. グループ作成手順

=================

1) 並列のデバイス グループ作成方法

********************************************

Windows Intune 管理コンソール  (https://admin.manage.microsoft.com)

[グループ] - [グループの概要] と選択します。

- 画面右側 [グループの作成] をクリックします。

- グループの作成 ウィザードが表示されます。

- [全般] タブ  

[* グループ名] に任意の名前を設定します。  

[* 親グループの選択] で「すべてのデバイス」を選択します。

[次へ]ボタンをクリックします。 

   - [メンバーシップの基準] タブ

[デバイスの種類] で「コンピューター」を選択します。  

[グループのメンバーシップ] で「空のグループ」を選択します。

    [次へ]ボタンをクリックします。

  - [ダイレクト メンバーシップ] タブ

本グループに含めるデバイスを [含めるメンバー] ウィンドウ横の [参照] ボタンより、選択します。

[メンバーの選択] ウィンドウが表示されます。

左側のウィンドウよりグループに含めるデバイスを選択し、

画面中央の「追加」ボタンにて、右の「選択されている特定のメンバー」ウィンドウへ移動します。

   [OK] ボタンをクリックします。

   [ダイレクト メンバーシップ] タブへ戻ってきた後、[次へ] ボタンをクリックします。

- [概要] タブ

   [完了] ボタンをクリックします。

[グループ] 画面一覧にて、[すべてのモバイル デバイス] の下に、作成した用グループが表示されたことをご確認ください。そして作成した グループ を選択後、画面にて [デバイス] タブをクリックし、対象のデバイスが表示されていることをご確認ください。

2) 階層別のデバイス グループ作成方法

************************************************

2 - A ) 親グループと子グループの作成手順:

==================================

1. 親グループを作成します。

2. 親グループを基に子グループ (2 - a) を作成します。

3. 親へタスクを展開し、必要な場合、別途、子グループ (2 - a) へ追加のタスクを展開します。

1. 親グループを作成します。

--------------------------------------

[グループ] - [グループの概要] と選択します。

- 画面右側 [グループの作成] をクリックします。

- グループの作成 ウィザードが表示されます。

- [全般] タブ  

[* グループ名] に任意の名前を設定します。  

[* 親グループの選択] で「すべてのデバイス」を選択します。

[次へ]ボタンをクリックします。 

- [メンバーシップの基準] タブ

[デバイスの種類] で「コンピューター」を選択します。  

[グループのメンバーシップ] で「親グループのすべてのコンピューター」を選択します。

    [次へ] ボタンをクリックします。

- [ダイレクト メンバーシップ] タブ

    [次へ]ボタンをクリックします。

- [概要] タブ

  [完了] ボタンをクリックします。

[グループ] 画面一覧にて、[すべてのモバイル デバイス] の下に、作成したグループが表示されたことをご確認ください。そして作成した グループを選択後、画面にて[デバイス] タブをクリックし、全デバイスが表示されていることをご確認ください。

2. 親グループを基に子グループ (2 - a) を作成します。

------------------------------------------------------------------------

1. で作成した親グループの下の階層に子グループを作成します。

[グループ] - [グループの概要] と選択します。

- 画面右側 [グループの作成] をクリックします。

- グループの作成 ウィザードが表示されます。

- [全般] タブ  

[* グループ名] に任意の名前を設定します。  

[* 親グループの選択] で「1. で作成したグループ」を選択します。

[次へ] ボタンをクリックします。 

- [メンバーシップの基準] タブ

[デバイスの種類] で「コンピューター」を選択します。  

[グループのメンバーシップ] で「親グループのすべてのコンピューター」を選択します。

    [次へ] ボタンをクリックします。

- [ダイレクト メンバーシップ] タブ

子グループのコンピューターを追加します。

子グループに含めるデバイスを [含めるメンバー] ウィンドウ横の「参照」ボタンより、選択します。

- [メンバーの選択] ウィンドウが表示されます。

左側のウィンドウに表示された親グループのデバイスから子グループへ追加を行いたいデバイスを選択し、画面中央の「追加」ボタンにて、右の「選択されている特定のメンバー」ウィンドウへ移動します。

   [OK] ボタンをクリックします。

[ダイレクト メンバーシップ] タブへ戻ってきた後、[次へ] ボタンをクリックします。

- [概要] タブ

[完了] ボタンをクリックします。

[グループ] 画面一覧にて、[すべてのモバイル デバイス] の下に、作成した子グループが表示されたことをご確認ください。そして作成した グループ を選択後、画面にて [デバイス] タブをクリックし、対象のデバイスが表示されている (子グループだけが含まれている) ことをご確認ください。

3. 親、子グループのそれぞれに更新プログラム、ポリシーを展開します。

----------------------------------------------------------------------------------------------------

デバイス グループを作成後、親グル―プ、そして、その他個別で必要なソフトウェア、更新プログラムを子グループへ展開します

2 - B ) 親デバイス グル‐プ配下に属さない、別デバイス グループ (2- b 例: テスト専用グループ) の作成手順 :

*****************************************************************************************************************************

2 – A) で作成した親子グループに含まれない、別のグループ  (2 - b) の作成方法をご案内します。

1. 親グループから、グループ  (2 - b) 用の端末を除外設定にします。

2. グループ (2 - b) 作成時、グループのメンバーシップで「空のグループ」を設定後、対象端末を選択します。

3. 親グループ、グループ (2 - b) のそれぞれに更新プログラム、ポリシー、ソフトウェアを展開します。

1. 親グループを作成時、グループ (2 - b) 用の端末を除外設定にします。

--------------------------------------------------------------------------------------------------

[グループ] – 親グループを選択します。

- マウス右クリックをし、 [編集] をクリックします。

- [ダイレクト メンバーシップ] タブ

親グループより除外するデバイスを [特定のメンバーを除外] ウィンドウ横の「参照」ボタンより、選択します。

- [メンバーの選択] ウィンドウが表示されます。

左側のウィンドウに表示された親グループから除外するデバイスを選択し、画面中央の「追加」ボタンにて、右の「選択されている特定のメンバー」ウィンドウへ移動します。

   [OK] ボタンをクリックします。

[ダイレクト メンバーシップ] タブへ戻ってきた後、[次へ] ボタンをクリックします。

    [次へ] ボタンをクリックします。

- [概要] タブ

  [完了] ボタンをクリックします。

[グループ] 画面一覧にて、親グループ を選択後、画面にて [デバイス] タブをクリックし、除外設定を行ったデバイス (2 – b グループ) が表示されていないことをご確認ください。

2. グループ (2 - b) 作成時、グループのメンバーシップで「空のグループ」を設定後、対象端末を選択します。

-----------------------------------------------------------------------------------------------------------------------------------------------------

1) 並列のグループ作成方法と同様の手順にて、グループ (2 - b) を作成します。

3. 親グループ、グループ  (2 - b)  のそれぞれに更新プログラム、ポリシー、ソフトウェアを展開します。

---------------------------------------------------------------------------------------------------------------------------------------------

上記の設定により、新しく追加されたコンピューターは自動的に親グループへ含まれ、特定の (例: テスト用) コンピューターのみ、グループ (2 - b テスト用グループ) にて管理ができます。これにより、事前に、グループ (2 - b テスト用グループ)にて、最新の更新プログラムやポリシー変更時の影響を確認後、安心して本番用のグループへタスクを展開することができます。

Here are the top Microsoft Support solutions for the most common issues experienced when using Windows Azure Web Sites (WAWS).

1. Solutions related to Getting Started with WAWS:

• Microsoft Virtual Academy Deep Dive Jump Start
• Windows Azure Web Sites Architecture

2. Solutions related to Creating Web Sites:

• How to Create a Website
• Create and Deploy an ASP.NET Website with Web Matrix
• Create and Deploy a Website from the Gallery 
• Create a Secure ASP.NET MVC App with Membership, OAuth and SQL Database
• Create a Mobile-Friendly REST Service Using ASP.NET Web API and SQL Database
• Develop and Deploy with PowerShell
• Develop and Deploy with the Cross-Platform Command Line Interface
• Create a PHP Website
• Create a WordPress Website from the Gallery

3. Solutions related to Development:

• Using SignalR with Windows Azure Web Sites
• Making Multi-Language Azure Web Sites with PHP, Node.js, .NET and More
• Create a PHP-MySQL WAWS Site and Deploy Using Git

4. Solutions related to Deployment:

• Publishing with Git
• Deploy to Windows Azure Web Sites from Dropbox
• Publishing to WAWS from Any Git/hg Repository
• Staged Publishing in Windows Azure Web Sites
• Deploying an ASP.NET Application to WAWS Using Visual Studio
• Set Up Continuous Delivery with Visual Studio Online
• Publish from Source Control
• Deploying to WAWS with GitHub Using Kudu
• Using Deployment Hooks with WAWS

5. Solutions related to Troubleshooting Windows Azure Web Sites:

• Enable Logging on Your WAWS Site from Visual Studio
• Troubleshooting Windows Azure Web Sites in Visual Studio
• Getting Started with Azure, the Azure SDK and Visual Studio
• Kudu Debug Console
• Debugging a Node.js App Failure

2014년 3월 12일(수)에 발표된 마이크로소프트 보안 공지 발표 내용을 요약하여 제공합니다.
보안 공지는 월 단위로 발표되어 보안 취약점을 해결합니다.

마이크로소프트는 새로 발견된 취약점에 대하여 5개(긴급2,중요3)의 보안 공지를 발표합니다.

================================================
신규 보안 공지
================================================
MS14-012(긴급) Internet Explorer 누적 보안 업데이트(2925418) - Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, Internet Explorer 11
MS14-013(긴급) Microsoft DirectShow의 취약점으로 인한 원격 코드 실행 문제점(2929961)  - Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2
MS14-014(중요) Silverlight의 취약점으로 인한 보안 기능 우회(2932677) - Windows용 Silverlight 5, Mac용 Silverlight 5, Silverlight 5 Developer 런타임
MS14-015(중요) Windows 커널 모드 드라이버의 취약점으로 인한 권한 상승 문제점(2930275) - Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT, Windows RT 8.1
MS14-016(중요) 보안 계정 관리자 원격(SAMR) 프로토콜의 취약점으로 인한 보안 기능 우회(2934418) - Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2
위에 나열한 영향을 받는 소프트웨어 목록은 간단히 요약한 것입니다. 영향을 받는 구성 요소 전체 목록을 보려면 각 보안 공지를 열고 "영향을 받는 소프트웨어" 부분을 살펴보시기 바랍니다.

================================================
신규 보안 공지 요약 웹 페이지
================================================
신규 공지에 대한 요약은 다음 페이지에 있습니다.
http://technet.microsoft.com/ko-kr/security/bulletin/ms14-Mar

================================================
개정된 보안 권고
================================================
마이크로소프트는 2014년 3월 12일(한국시각)에 보안 권고 2개를 개정합니다. 개정된 내용을 아래와 같이 간단히 요약합니다.

-------------------------------------------------
보안 권고 2934088 Internet Explorer의 취약점으로 인한 원격 코드 실행 문제점
-------------------------------------------------
요약:
Microsoft는 공개적으로 보고된 이 취약점에 대해 조사를 완료했습니다.
이 문제를 해결하기 위해 MS14-012가 게시되었습니다. 사용 가능한 보안 업데이트의 다운로드 링크를 포함하여, 이 문제점에 대한 자세한 내용은 MS14-012를 검토하십시오. 해결된 취약점은 Internet Explorer 메모리 손상 취약점(CVE-2014-0322)입니다.

상세 정보: http://technet.microsoft.com/security/advisory/2934088

-------------------------------------------------
보안 권고 2755801 Internet Explorer에 포함된 Adobe Flash Player의 취약점을 위한 업데이트
-------------------------------------------------
요약:
지원 대상인 모든 Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2 및 Windows RT 8.1 에디션의 Internet Explorer에서 Adobe Flash Player에 대한 업데이트를 사용할 수 있게 되었음을 알려드립니다.
이 업데이트는 Internet Explorer 10 및 Internet Explorer 11 내에 포함된 영향을 받는 Adobe Flash 라이브러리를 업데이트하여 Adobe Flash Player의 취약점을 해결합니다.

Microsoft는 2014년 3월 12일 Windows 8, Windows Server 2012 및 Windows RT의 Internet Explorer 10에 대한 업데이트와 Windows 8.1, Windows Server 2012 R2 및 Windows RT 8.1의 Internet Explorer 11에 대한 업데이트(2938527)를 발표했습니다.
이 업데이트는 Adobe 보안 게시물 APSB14-08에 설명된 취약점을 해결합니다.

상세 정보: http://technet.microsoft.com/security/advisory/2755801

================================================
악성 소프트웨어 제거 도구
================================================
마이크로소프트는 윈도우 악성 소프트웨어 제거 도구의 업데이트된 버전을 Windows Server Update Services (WSUS), Windows Update (WU)와 다운로드 센터에서 제공합니다.
이 도구는 Software Update Services (SUS)를 통해서는 배포되지 않음을 주의하여 주십시오. 마이크로소프트 윈도우 악성 소프트웨어 제거 도구에 대한 정보는 http://support.microsoft.com/kb/890830에서 보실 수 있습니다.

================================================
보안 문제와 관계없지만 중요도가 높은 업데이트
================================================
마이크로소프트는 Microsoft Update (MU), Windows Update (WU), Windows Server Update Services (WSUS)를 통해 보안 문제와 관계없지만 중요도가 높은 업데이트를 발표합니다.
오늘 발표한 전체 업데이트의 목록은 다음 기술 자료에서 볼 수 있습니다.

2014년에 변경된 Software Update services 및 Windows Server Update services 내용에 대한 설명
http://support.microsoft.com/?id=894199

================================================
보안 공지 웹 캐스트
================================================
마이크로소프트는 이번 공지에 대한 고객 질문에 답하는 웹 캐스트를 진행합니다.

제목: Information about the March 2014 Security Bulletins
일시: 2014년 3월 13일 (목) 오전 4시 (한국 시각)
URL: https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032572977 
(!주의: 모든 나라에서 동시에 참여할 수 있는 질의 응답이기 때문에 영어로 진행됩니다.)

================================================
보안 공지 기술 세부 사항
================================================
아래 영향을 받는 소프트웨어와 영향을 받지 않는 소프트웨어 표에서, 나열되지 않은 소프트웨어는 지원 기간이 지난 제품입니다. 제품과 버전에 대한 지원 기간을 보려면 마이크로소프트 지원 기간 페이지 http://support.microsoft.com/lifecycle/ 를 참고하여 주십시오.

====================================
보안 공지 MS14-012
====================================
제목: Internet Explorer 누적 보안 업데이트

요약: 이 보안 업데이트는 Internet Explorer의 공개된 취약점 1건과 비공개로 보고된 취약점 17건을 해결합니다.
이러한 취약점으로 인해 사용자가 Internet Explorer를 사용하여 특수하게 조작된 웹 페이지를 볼 경우 원격 코드 실행이 허용될 수 있습니다. 취약점 악용에 성공한 공격자는 현재 사용자와 동일한 권한을 얻을 수 있습니다. 시스템에 대한 사용자 권한이 적게 구성된 계정의 사용자는 관리자 권한으로 작업하는 사용자에 비해 영향을 적게 받습니다.

최대 심각도: 긴급

영향을 받는 소프트웨어:
지원 대상인 Windows 에디션의
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
- Internet Explorer 11
(아래 링크에서 영향을 받는 소프트웨어와 다운로드 위치를 확인하십시오.)

영향을 받지 않는 소프트웨어:
- Server Core설치

취약점: Internet Explorer의 여러 메모리 손상 취약점:
- CVE-2014-0297, CVE-2014-0298, CVE-2014-0299, CVE-2014-0302
- CVE-2014-0303, CVE-2014-0304, CVE-2014-0305, CVE-2014-0306
- CVE-2014-0307, CVE-2014-0308, CVE-2014-0309, CVE-2014-0311
- CVE-2014-0312, CVE-2014-0313, CVE-2014-0314, CVE-2014-0321
- CVE-2014-0322, CVE-2014-0324

취약점으로 인한 영향: 원격 코드 실행

시스템 재시작: 필요함

이번 업데이트로 대체되는 보안 공지:  MS14-010

파일 정보: KB2925418

알려진 문제점: KB2925418
- Windows RT 8.1, Windows 8.1 및 Windows Server 2012 R2에 2904440 사전 설치 필요

상세 정보: http://technet.microsoft.com/ko-kr/security/bulletin/ms14-012

====================================
보안 공지 MS14-013
====================================
제목: Microsoft DirectShow의 취약점으로 인한 원격 코드 실행 문제점 (2929961)

요약: 이 보안 업데이트는 비공개적으로 보고된 Microsoft Windows의 취약점을 해결합니다.
이러한 취약점으로 인해 사용자가 특수하게 조작된 이미지 파일을 열 경우 원격 코드 실행이 허용될 수 있습니다. 취약점 악용에 성공한 공격자는 현재 사용자와 동일한 권한을 얻을 수 있습니다. 시스템에 대한 사용자 권한이 적게 구성된 계정의 사용자는 관리자 권한으로 작업하는 사용자에 비해 영향을 적게 받습니다.

최대 심각도: 긴급

영향을 받는 소프트웨어:
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008 x86, x64
- Windows 7
- Windows Server 2008 R2 x64
- Windows 8
- Windows 8.1
- Windows Server 2012
- Windows Server 2012 R2
(아래 링크에서 영향을 받는 소프트웨어와 다운로드 위치를 확인하십시오.)

영향을 받지 않는 소프트웨어:
- Windows Server 2008 IA64
- Windows Server 2008 R2 IA64
- Windows RT
- Windows RT 8.1

취약점:
- DirectShow 메모리 손상 취약점(CVE-2014-0301)

취약점으로 인한 영향: 원격 코드 실행

시스템 재시작: 필요할 수 있음

이번 업데이트로 대체되는 보안 공지: MS13-056

파일 정보: Qedit.dll, Wqedit.dll

알려진 문제점: 없음

상세 정보: http://technet.microsoft.com/ko-kr/security/bulletin/ms14-013

====================================
보안 공지 MS14-014
====================================
제목: Silverlight의 취약점으로 인한 보안 기능 우회 (2932677)

요약: 이 보안 업데이트는 비공개적으로 보고된 Microsoft Silverlight의 취약점을 해결합니다.
공격자가 취약점을 악용할 수 있도록 특수하게 조작된 Silverlight 콘텐츠를 포함한 웹 사이트를 호스팅하고 사용자가 웹 사이트를 보도록 유도하는 경우 이 취약점으로 인해 보안 기능이 우회될 수 있습니다. 그러나 어떠한 경우에도 공격자는 강제로 사용자가 웹 사이트를 방문하도록 만들 수 없습니다. 대신 공격자는 사용자가 전자 메일 메시지 또는 인스턴트 메신저 메시지의 링크를 클릭하여 공격자의 웹 사이트를 방문하도록 유도하는 것이 일반적입니다. 배너 광고에서 특수하게 조작된 웹 콘텐츠를 표시하거나 웹 콘텐츠를 전달하는 다른 방법을 사용하여 영향을 받는 시스템에 대한 공격을 시도할 수도 있습니다.

최대 심각도: 중요

영향을 받는 소프트웨어:
- Mac용 Microsoft Silverlight 5
- Windows용 Silverlight 5
- Silverlight 5 Developer 런타임
(아래 링크에서 영향을 받는 소프트웨어와 다운로드 위치를 확인하십시오.)

영향을 받지 않는 소프트웨어:
- 없음

취약점:
- Silverlight DEP/ASLR 우회 취약점(CVE-2014-0319)

취약점으로 인한 영향: 보안 기능 우회

시스템 재시작: 필요 없음

이번 업데이트로 대체되는 보안 공지: MS13-087

파일 정보: KB2932677

알려진 문제점: 없음

상세 정보: http://technet.microsoft.com/ko-kr/security/bulletin/ms14-014

====================================
보안 공지 MS14-015
====================================
제목: Windows 커널 모드 드라이버의 취약점으로 인한 권한 상승 문제점 (2930275)

요약: 이 보안 업데이트는 Microsoft Windows의 공개된 취약점 1건과 비공개적으로 보고된 취약점 1건을 해결합니다.
가장 위험한 취약점으로 인해 공격자가 시스템에 로그온하고 특수하게 조작된 응용 프로그램을 실행할 경우 권한 상승이 허용될 수 있습니다. 이 취약점을 악용하려면 공격자가 유효한 로그온 자격 증명을 가지고 로컬로 로그온할 수 있어야 합니다.

최대 심각도: 중요

영향을 받는 소프트웨어:
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows Server 2008 R2
- Windows 8
- Windows 8.1
- Windows Server 2012
- Windows Server 2012 R2
- Windows RT
- Windows RT 8.1
- Server Core 설치
(아래 링크에서 영향을 받는 소프트웨어와 다운로드 위치를 확인하십시오.)

영향을 받지 않는 소프트웨어:
- 없음

취약점:
- Win32k 권한 상승 취약점(CVE-2014-0300)
- Win32k 정보 유출 취약점(CVE-2014-0323) 

취약점으로 인한 영향: 권한 상승

시스템 재시작: 필요함

이번 업데이트로 대체되는 보안 공지: MS13-101, MS14-003

파일 정보: Win32k.sys

알려진 문제점: 없음

상세 정보: http://technet.microsoft.com/ko-kr/security/bulletin/ms14-015

====================================
보안 공지 MS14-016
====================================
제목: 보안 계정 관리자 원격(SAMR) 프로토콜의 취약점으로 인한 보안 기능 우회 (2934418)

요약: 이 보안 업데이트는 비공개적으로 보고된 Microsoft Windows의 취약점 1건을 해결합니다.
공격자가 사용자 이름에 대한 암호를 알아내기 위해 여러 번 시도하는 경우 이 취약점은 보안 기능 우회를 허용할 수 있습니다.

최대 심각도: 중요

영향을 받는 소프트웨어:
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008 x86, x64
- Windows Server 2008 R2 x64
- Windows Server 2012
- Windows Server 2012 R2
- Server Core 설치
(아래 링크에서 영향을 받는 소프트웨어와 다운로드 위치를 확인하십시오.)

영향을 받지 않는 소프트웨어:
- Windows Server 2008 IA64
- Windows 7
- Windows Server 2008 R2 IA64
- Windows 8
- Windows 8.1
- Windows RT
- Windows RT 8.1

취약점:
- SAMR 보안 기능 우회 취약점(CVE-2014-0317)

취약점으로 인한 영향: 보안 기능 우회

시스템 재시작: 필요함

이번 업데이트로 대체되는 보안 공지: MS11-095,MS13-032

파일 정보: KB2934418

알려진 문제점: 없음

상세 정보: http://technet.microsoft.com/ko-kr/security/bulletin/ms14-016

=================================================
정보의 일관성
=================================================
본 메일과 웹 페이지를 통하여 가급적 정확한 내용을 제공하기 위하여 노력하고 있습니다. 웹에 게시된 보안 공지는 최신의 정보를 반영하기 위해 수정되는 경우가 있습니다. 이러한 이유로 본 메일의 정보와 웹 기반의 보안 공지 간에 내용이 불 일치하는 일이 생긴다면, 웹에 게시된 보안 공지의 정보가 더 신뢰할 수 있는 정보입니다.
기술 지원은 지역번호 없이 전화 1577-9700을 통해 한국마이크로소프트 고객지원센터에서 받을 수 있습니다.
보안 업데이트와 관련된 기술 지원 통화는 무료입니다.

감사합니다.
한국마이크로소프트 고객지원부

We wrote several timesin this blog about the importance of enabling Address Space Layout Randomization mitigation (ASLR) in modern software because it’s a very important defense mechanism that can increase the cost of writing exploits for attackers and in some cases prevent reliable exploitation. In today’s blog, we’ll go through ASLR one more time to show in practice how it can be valuable to mitigate two real exploits seen in the wild and to suggest solutions for programs not equipped with ASLR yet.

Born with ASLR

ASLR mitigation adds a significant component in exploit development, but we realized that sometimes a single module without ASLR loaded in a program can be enough to compromise all the benefits at once. For this reason recent versions of most popular Microsoft programs were natively developed to enforce ASLR automatically for every module loaded into the process space. In fact Internet Explorer 10/11 and Microsoft Office 2013 are designed to run with full benefits of this mitigation and they enforce ASLR randomization natively without any additional setting on Win7 and above, even for those DLLs not originally compiled with /DYNAMICBASE flag. So, customers using these programs have already a good native protection and they need to take care only of other programs potentially targeted by exploits not using ASLR.

ASLR effectiveness in action

Given the importance of ASLR, we are taking additional efforts to close gaps when ASLR bypasses arise in security conferences from time to time or when they are found in-the-wild used in targeted attacks. The outcome of this effort is to strength protection also for previous versions of Microsoft OS and browser not able to enforce ASLR natively as IE 10/11 and Office 2013 can do. Some examples of recent updates designed to break well-known ASLR bypasses are showed in the following table.

MS BULLETIN	ASLR BYPASS	REFERENCE
MS13-063	LdrHotPatchRoutine	Ref:http://cansecwest.com/slides/2013/DEP-ASLR%20bypass%20without%20ROP-JIT.pdf Reported in Pwn2Own 2013, works only for Win7 x64
MS13-106	HXDS.DLL (Office 2007/2010)	Ref: http://www.greyhathacker.net/?p=585 Seen used in-the-wild with IE/Flash exploits (CVE-2013-3893, CVE-2013-1347, CVE-2012-4969, CVE-2012-4792)
MS14-009	VSAVB7RT.DLL (.NET)	Ref: http://www.greyhathacker.net/?p=585 Seen used in-the-wild with IE exploits (CVE-2013-3893)

We were glad to see the return of these recent ASLR updates in two recent attacks: the Flash exploit found in February (CVE-2014-0502) in some targeted attacks and a privately reported bug for IE8 (CVE-2014-0324) just patched today. As showed from the code snippets below, the two exploits would not have been effective against fully patched machines with MS13-106 update installed running Vista or above.

 

	Exploit code for CVE-2014-0502 (Flash) Unsuccessful attempt of ASLR bypass using HXDS.DLL fixed by MS13-106. NOTE: the code attempts also a second ASLR bypass based on Java 1.6.x
	Exploit code for CVE-2014-0324 (IE8) Unsuccessful attempt of ASLR bypass using HXDS.DLL fixed by MS13-106.

Solutions for non-ASLR modules

The two exploit codes above shows another important lesson: even if Microsoft libraries are compiled natively with ASLR and even if we work hard to fix known ASLR gaps for our products, there are still opportunities for attackers in using third-party DLLs to tamper the ASLR ecosystem. The example of Java 1.6.x is a well-known case: due to the popularity of this software suite and due to the fact that it loads an old non-ASLR library into the browser (MSVCR71.DLL), it became a very popular vector used in exploits to bypass ASLR. In fact, security researchers are frequently scanning for popular 3^rd party libraries not compiled with /DYNAMICBASE that can allow a bypass; the following list is just an example of few common ones.

 

3rd PARTY ASLR BYPASS	REFERENCE
Java 1.6.x (MSVCR71.DLL)	Very common ASLR bypass used in-the-wild for multiple CVEs  NOTE: Java 1.7.x uses MSVCR100.DLL which supports ASLR
DivX Player 10.0.2 Yahoo Messenger 11.5.0.228 AOL Instant Messenger 7.5.14.8	Ref: http://www.greyhathacker.net/?p=756   (not seen in real attacks)
DropBox	Ref:http://codeinsecurity.wordpress.com/2013/09/09/installing-dropbox-prepare-to-lose-aslr/  (not seen in real attacks)
veraport20.Veraport20Ctl Gomtvx.Launcher INIUPDATER.INIUpdaterCtrl	Ref: KISA report http://boho.or.kr/upload/file/EpF448.pdf  (seen in-the-wild with CVE-2013-3893)

 

As noted at beginning of this blog, Internet Explorer 10/11 and Office 2013 are not affected by ASLR bypasses introduced by 3^rd party modules and plugins. Instead, customers still running older version of Internet Explorer and Office can take advantage of two effective tools that can be used to enforce ASLR mitigation for any module:

• EMET (Enhanced Mitigation Experience Toolkit): can be used to enable system-wide ASLR or “MandatoryASLR” selectively on any process;

• “Force ASLR” update KB2639308: makes possible for selected applications to forcibly relocate images not built with /DYNAMICBASE using Image File Execution Options (IFEO) registry keys;

   

Conclusions

ASLR bypasses do not represent vulnerabilities, since they have to be combined with a real memory corruption vulnerability in order to allow attackers to create an exploit, however it's nice to see that closing ASLR bypasses can negatively impact the reliability of certain targeted attacks. We encourage all customers to proactively test and deploy the suggested tools when possible, especially for old programs commonly targeted by memory corruption exploits. We expect that attackers will continue increasing their focus and research on more sophisticated ASLR bypasses which rely on disclosure of memory address rather than non-ASLR libraries.

 

- Elia Florio, MSRC Engineering

 

This July at the Imagine Cup World Finals in Seattle, the top team from each category – Games, Innovation and World Citizenship – will take home $50,000. Now, thanks to a trio of new partnerships, each of those teams is also going to have a life-changing experience.

Microsoft Ventures, Microsoft YouthSpark and PAX will provide a customized Boot Camp for each of the category winners.

The winning team in the Innovation Category will be sent to either London, Berlin or Tel Aviv to spend four weeks in a Microsoft Ventures accelerator program. As part of the global Microsoft YouthSpark initiative to offer education, entrepreneurship and employment opportunities for young people, the winning team in the World Citizenship category gets a trip to Microsoft global headquarters for a week of intensive sessions curated specifically for the team and their project. The winners in the Games category will go to PAX Prime in Seattle and demo their game to attendees, gaining exposure and hands-on feedback from some of the most dedicated gamers in the world.

Starting this month, a new series of Imagine Camps is also launching. These free, two-day events will help student developers improve their skills, while on-site experts review their projects. Available in more than 70 countries around the world, these events will help support the Imagine Cup Windows & Windows Phone Challenge, which asks student teams to create “better together” pairs of apps for both platforms in collaboration with a local business, artist, performer or nonprofit in their community.

Another big opportunity for one World Finals winning team is a private meeting with Bill Gates.

To find out more about these new Imagine Cup prizes and opportunities, head over to the Imagine Cup Official Blog.

You might also be interested in:

• Microsoft in education: “Student safety and privacy rights come first”
• Skype celebrates women inspiring children in science, technology, engineering and math
• 8-year-old creates Kids Zone app using Windows Phone App Studio
  

Athima Chansanchai
Microsoft News Center Staff

Skype Labs, the in-house innovation hub, is celebrating its fifth anniversary of improving the Skype experience for the product’s more than 300 million monthly users, who generate more than 2 billion minutes of Skype audio and video calls every day.

Adriana Dumitras, head of the Skype Labs team, writes that the team has used its expertise in audio, video, computer vision, networking, machine learning, data mining, statistics and quality of experience to create and deliver some of the fundamental and innovative core technologies that have contributed to Skype’s success.

In the weeks ahead, Skype will showcase exciting innovations that focus on users, combine domain knowledge and machine learning, and leverage close collaborations with Skype’s product teams.

To read Dumitras’ post, head over to Skype’s Big Blog.

You might also be interested in:

· Microsoft in education: “Student safety and privacy rights come first”
· This week’s Xbox Live deals: Big savings on “Soulcalibur V,” “Retro City Rampage” and more
· An MVP’s look at the Kinect for Windows v2 developer preview

Suzanne Choney
Microsoft News Center Staff

Kære Partner,

Her er et udpluk af Readiness Træninger rettet mod dig som BI Partner: