Insights into Windows 7 Engineering
Are you interested to learn how Windows 7 (next version of Windows) is engineered? Are you willing to get in touch with the engineering team? Then read their blog: Engineering Windows 7
Roger
The Global Network of Crime
We all know that crime is global and that they are doing their best to leverage the legal shortcomings and the limitations of the cooperation between Law Enforcement agencies. There is a good article about one case in the New York Times which is definitely worth reading:
Global Trail of an Online Crime Ring
Roger
Announcement of the MSRC Ecosystem Strategy Team Blog
Our teams around the Microsoft Security Response Center recently launched a new blog called MSRC Ecosystem Strategy Team Blog. The blog is thought to give more insights into the work we do with the security ecosystem knowing that vulnerabilities and attacks today not “only” affect Microsoft products but very often the Internet as such –…
DetailsSecurity through Collaboration
If you ever heard me keynote an event you know that one of the key messages I have is, that partnerships are necessary in order to be able to protect against today’s threats. At Black Hat USA we just announced a new program called Microsoft Active Protections Program. The program is designed to give security…
DetailsAnnouncing the Exploitability Index
At Blackhat we announced an important change to our Security Bulletins becoming effective during the October release. One of the requests we often heard talking to our customers is, that they would like to get better information on how hard it is to exploit a vulnerability. We will introduce an Exploitability Index by October. Basically…
DetailsHow to react on the DNS attacks
Yes, I am back. I was on vacation and therefore did not take the time to blog.
Just briefly: IBM published a pretty good article on the latest DNS attacks. You can read it here: Responding to the DNS vulnerability and attacks
Roger
Microsoft sponsors Privacy Enhancing Technology Awards
It is not really news anymore as it broke during my vacation. However, it is important from my point of view: We are a proud sponsor (and not for the first time) of the Privacy Enhancing Technology Awards, which recognizes the work of researchers in the area of Privacy Enhancing Technologies. There was a press…
DetailsSome Thoughts on Today’s Bulletins
As always: It is the second Tuesday of the months and we released the Security Updates. However, this month is special from one perspective: We released an update for the DNS resolver, which is released simultaneously by a lot of DNS vendors with the same vulnerability. Here are some technical details about this vulnerability on…
DetailsLaunching Office Subscription
Yes, I know: It is US-only at the moment but it might nevertheless pretty interesting for you: We announced yesterday that we will launch a subscription-based Office version called Equipt. Here is an extract from the announcement: Initially code-named “Albany,” Microsoft Equipt offers consumers Microsoft Office Home and Student 2007, giving them the latest versions…
DetailsInternet Explorer 8 Beta 2: New Features
We announced yesterday some additional features in Internet Explorer 8, which will be part of Beta 2. They are way cool and will help to do some additional significant steps towards a more trustworthy browsing experience. Yesterday we mainly talked about two features: The XSS Filter, which helps to protect from cross-site scripting attacks SmartScreen®…
DetailsVideos of Bill’s Goodbye
In the meantime I think everybody knows that Bill Gates left Microsoft. It is not uncommon at Microsoft that if somebody leaves that he or she sends a mail to people they know like “My last day at Microsoft” saying goodbye (and telling you how you can keep in touch if you want). It was…
DetailsImprovement in Incident Response: ICASI launched
At FIRST in Vancouver the formation of the Industry Consortium for Advancement of Security on the Internet (ICASI) was announced (I love abbreviations J). This consortium addresses in my opinion an important challenge of today’s incident response which is cross-vendor collaboration. A lot of threats and incidents in today’s world are having an impact on…
DetailsHyper-V is {Here}
We just released Windows Server 2008 Hyper-V to manufacturing. You can find more information on our Virtualization Page
Roger
Deploying Forefront Client Security at Microsoft
A question I often get is “How does Microsoft solve the problem x in their IT?” (e.g. How does Microsoft do Patch Management). These questions are usually directed towards MSIT (Microsoft IT as we call it) and not towards Microsoft as a vendor. I guess you know that we have a site called IT Showcase…
DetailsLinks to Microsoft Security Pages
Our Chief Security Advisor in Italy spent quite some time to collect a list of web-pages and blogs with regards to Microsoft and Security. If you are looking for something, go there and find it J
http://blogs.technet.com/feliciano_intini/pages/microsoft-blogs-and-web-resources-about-security.aspx
Roger
New Information on SQL Injection Attacks
I just wanted to make sure that you have seen the Advisory (Rise in SQL Injection Attacks Exploiting Unverified User Data Input) where we added some additional information. This is especially important as we did not “only” publish guidance but tools as well: Detection – HP Scrawlr (a free scanner from HP) Defense – UrlScan…
DetailsBitlockerâ„¢ completes FIPS 104-2 Certification
I am very proud for the product team to tell you that Windows Vista Bitlockerâ„¢ completes FIPS 140-2 certification. If you are interested, you find the according certificate here.
Roger
Issue deploying updates with SCCM 2007
There seems to be some problems deploying the latest security updates with System Center Configuration Manager 2007 to SMS 2003 Agents. If you have any challenges with that or need more information, please see the just published advisory System Center Configuration Manager 2007 Blocked from Deploying Security Updates
Roger   Â
Money talks in Security – Does it?
Often, when I talk to security people, they are telling me that if they would have more budget and money available, the problem would be much lower. Now, I have been in Qatar last week, one of the richest countries in my region. If you look at the GDP per capita (which is mainly the…
DetailsServer Core in our Security Bulletins
A question that was often raised after the launch of Windows Server 2008 was about Server Core and our Security Bulletins: How do you know whether a Server Core installation needs updating as well? We just added a statement to our Security Bulletins this month answering this question. As an example in MS08-036 we state…
Details