Tuesday, February 10, 2009
Sveika! Hey Steve here, been a while since I posted on the EcoStrat blog. With all the security events that happened during the latter half of 2008, I have been very focused on working with the security update releases and Microsoft Active Protections Program (MAPP). Handle: Cap’n Steve IRL: Steve Adegbite
Tuesday, February 10, 2009
Today we’re releasing four new security bulletins as part of our regular monthly release process. · MS09-002 rated Critical that addresses two code execution vulnerabilities in Internet Explorer. · MS09-003 rated Critical that addresses one code execution vulnerability and one denial of service vulnerability in Exchange Server. · MS09-004 rated Important that addresses one code execution vulnerability in SQL Server.
Monday, February 09, 2009
小野寺です。 前回紹介した株式会社インターネットイニシアティブ (IIJ) の Internet Infrastructure Review の第 2 版が公開されたようです。
Friday, February 06, 2009
Very briefly, I wanted to let everyone know that based on customer request, we’ve posted two new pages that provide information you can use to protect against and remove Conficker. These pages consolidate information that we have related to the Conficker incident and provide links to the other, more detailed resources like the Microsoft Malware Protection Center weblog and encyclopedia.
Thursday, February 05, 2009
小野寺です。 今月は、計 4 件 (緊急 2 件, 重要 2 件) の公開を予定しています。 リリース日は、週明け水曜日 (2/11)
Thursday, February 05, 2009
Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, Feb. 10, 2009 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.
Wednesday, February 04, 2009
It used to be easy to be in the security industry. All you had to do is develop products that needed to say “nay” or “yay” on a given content and “bless” it to be secure or not. That is so 2007… As we have been witnessing during a turbulent 2008 (and yes – it actually started in 2007…) nowadays the ability to decide whether a given content (note the distinction between content and file…) is malicious or not is much more complicated.
Monday, February 02, 2009
Microsoft has been talking about community-based defense for some time now. This week, I want to provide a personal dimension to the campaign, and give an update on recent activities. Curiously, as I started to write this post, a couple of phrases popped up, which despite being somewhat trite, seemed appropriate – “change is constant” and “the more things change the more they stay the same.
Monday, February 02, 2009
The original Security Vulnerability Research & Defense (SVRD) blog was launched in 2007, with the intent of providing more information about vulnerabilities in Microsoft software, mitigations and workarounds and active attacks. The blog is now expanding its focus a bit (and changing its name slightly), to include postings contributed by the Microsoft Security Engineering Center (MSEC) Security Science team.
Monday, February 02, 2009
One of the responsibilities of Microsoft’s Security Engineering Center is to investigate defense in depth techniques that can be used to make it harder for attackers to successfully exploit a software vulnerability. These techniques are commonly referred to as exploit mitigations and have been delivered to users in the form of features like /GS, Data Execution Prevention (DEP), and Address Space Layout Randomization (ASLR).
