Wednesday, August 10, 2011
Hi everyone, Black Hat this year was really great. We spent a lot of time talking to people and getting new perspectives on the security landscape and of course, we announced the BlueHat Prize contest. The reaction to the contest was outstanding. In fact, within the first 24 hours, we had already received a few submissions and a bunch of questions indicating a lot of interest in winning the $200,000 grand prize.
Tuesday, August 09, 2011
Hello all. It has been very nearly a week since our BlueHat Prize contest announcement at Black Hat. Now that everyone’s had some time to digest the basics, we’ve asked Senior Security Strategist and chief BlueHat Prize architect Katie Moussouris to stop by the Trustworthy Computing studio today at 11 a.
Wednesday, August 03, 2011
Hello all. Before we look at next week’s bulletin release, we’d like to recommend – for those of you who missed it in the run-up to this year’s Black Hat conference – the third annual Microsoft Security Response Center Progress Report. Every year around this time, we look back at the progress our key security programs have made.
Wednesday, July 27, 2011
Protecting the general computing ecosystem is a really tough job, and given some of the media headlines, it’s easy to get discouraged and wallow in the problems. It seems like we’re constantly bombarded with statistics measuring the number of bugs, vulnerabilities, or attacks in an attempt to build an accurate “state of the state.
Wednesday, July 27, 2011
Today, the MSRC released its third annual progress report highlighting advancements of key Microsoft programs designed to help prevent and defend against online threats. The Microsoft programs featured in this paper include the following: The Microsoft Active Protections Program (MAPP) and Microsoft Vulnerability Research (MSVR) programs are intended to help protect customers through innovative industry collaboration and information sharing.
Friday, July 15, 2011
Hello, Today we published the July Security Bulletin Webcast Questions & Answers page. We fielded thirteen questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. There were two questions during the webcast that we were unable to answer and we have included those questions and answers on the Q&A page.
Tuesday, July 12, 2011
Hello all – Over the years we’ve often talked about exploit mitigations – DEP, ASLR, SEHOP and so forth – as effective tools for improving computer security, reducing risk, preventing attacks, and minimizing operational disruption. Today we’re releasing a user’s guide to the toolbox: “Mitigating Software Vulnerabilities,” a white paper with practical information on choosing and enabling those mitigations.
Thursday, July 07, 2011
Hello all – This week we released a special Security Intelligence Reportthat showcases some of the data we amassed in the wake of the big Rustock botnet takedown in the spring of 2010. The new SIR also delves into the diplomacy, secrecy and intellectual property law that all played important roles in the successful international effort that led to the takedown of the Rustock botnet on March 16.
Saturday, June 18, 2011
Hello, Today we published the June Security Bulletin Webcast Questions & Answers page. We fielded fifteen questions on various topics during the webcast, including bulletins released and the Malicious Software Removal Tool. There were two questions during the webcast that we were unable to answer, and we have included those questions and answers on the Q&A page.
Tuesday, June 14, 2011
Hello there. First off, I’d like to share some news regarding the updates we made to the Autorun feature in Security Advisory 967940, which we released in February 2011. The advisory made changes to how Autorun handles “non-shiny” media (eg., USB thumb drives). The change was expected to make a significant difference to infection rates by malware that uses Autorun to propagate, and we’ve been monitoring those rates ever since.
