Skip to main content
MSRC

Month Archives: July 2010

MAPP – An Insider's view

Thursday, July 29, 2010

Intro Matt Watchinski here, Senior Director, Sourcefire Vulnerability Research Team (VRT). It’s that time of year again. The mercury is soaring above 100F, and I am crammed onto a “flying bus” heading out to Las Vegas to attend this year’s iteration of the Black Hat and DEF CON conferences. Something about this tradition always leads me to reflect on how the security space has evolved over the years.

Out of Band Release to address Microsoft Security Advisory 2286198

Thursday, July 29, 2010

Today we’re announcing plans to release a security update to address the vulnerability discussed in Security Advisory 2286198 on Monday, August 2, 2010 at or around 10 AM PDT. We are releasing the bulletin as we’ve completed the required testing and the update has achieved the appropriate quality bar for broad distribution to customers.

Announcing the upcoming release of EMET v2

Wednesday, July 28, 2010

** UPDATE: Version 2.0 of EMET is now available. Click here to read more about it. * What is EMET? In October 2009, we released a tool on this blog called EMET that provides users with the ability to deploy security mitigation technologies to arbitrary applications. Doing so helps to prevent vulnerabilities in those applications (especially line of business and 3rd party apps) from successfully being exploited.

Community-Based Defense: Looking Outward, Moving Forward

Wednesday, July 28, 2010

Two years ago, in front of a standing-room only crowd here at Black Hat, we introduced three new information sharing programs as well as the concept of Community-Based Defense. The underlying concept shared by all three programs was simple-collaboration will be key to preventing and defending against online crime going forward; no one company, individual or technology can do it alone.

May You Live in Interesting Times

Wednesday, July 28, 2010

Handle: StoneZ IRL: Adrian Stone Rank: Senior Security Program Manager Lead Likes: Predictive Analytics, Game Theory, Databases, Sports Cars, NFL Football, Direct People Dislikes: Losing, Liars, Posers, No Talent Clowns It was two years ago at Black Hat that my colleague Katie Moussouris announced the launch of the Microsoft Vulnerability Research (MSVR) program.

The EMET 2.0 Training Video has arrived!

Wednesday, July 28, 2010

Hey there, I’m pleased to announce that the BlueHat team has partnered with the dynamic Microsoft Security Response Center (MSRC) Engineering duo of Andrew Roths and Fermin J. Serna on a training video previewing the new release, version 2.0, of the Enhanced Mitigation Experience Toolkit (EMET). This training video is currently live on the BlueHat site and available for consumption on your own viewing timetable.

Announcing Coordinated Vulnerability Disclosure

Thursday, July 22, 2010

Today, Microsoft is announcing a shift in philosophy on how we approach the topic of vulnerability disclosure, reframing the practice of “Responsible Disclosure” to “Coordinated Vulnerability Disclosure.” In recognition of the endless debate between responsible disclosure and full disclosure proponents and its ability to detract from meaningful and productive industry collaboration and customer defense, we believe that the community mindset needs to shift, framing a key point - that coordination and collaboration are required to resolve issues in a way that minimizes risk and disruption for customers.

Black Hat 2010

Thursday, July 22, 2010

BH Landscape Next week, many of us here will be heading down to Las Vegas for Black Hat. The MSRC, and other teams in Microsoft, have been attending Black Hat for years. In fact, we’ve been sponsoring the show for the last eight years-the last five as a platinum sponsor. Some might ask why?