Archives
-
Microsoft hosts cybersecurity and privacy professionals for discussion about the Cybersecurity Framework
Last week, Microsoft’s Innovation & Policy Center in Washington, D.C. convened a distinguished group of cybersecurity and privacy professionals from across industry sectors for a panel discussion about the forthcoming Cybersecurity Framework, expected from the National Institute of Standards and Technology (NIST) in February 2014, and its implications for critical infrastructure organizations.
-
Microsoft Security Intelligence Report Volume 15 Now Available!
This morning, at the RSA Europe conference, Mike Reavey, General Manager for Trustworthy Computing delivered a keynote in which he announced the release of the Microsoft Security Intelligence Report volume 15 (SIRv15). The Microsoft Security Intelligence Report is the most comprehensive cybersecurity threat intelligence report in the industry that analyzes and provides in-depth perspectives on exploits, vulnerabilities, and malware for more than 100 countries/regions worldwide. It is designed to provide prescriptive guidance which can help our customers manage risk and protect their assets.
-
Update: RAMMap v1.31
RAMMap v1.31: This update fixes a bug in v1.30 that caused RAMMap to fail on Windows 8.
-
Introduction: Chris Betz, new head of MSRC
By way of introduction, I am Chris Betz, the leader of the Microsoft Security Response Center (MSRC). I’m stepping in to fill the shoes of Mike Reavey, who has moved on to become the General Manager of Secure Operations, still within Trustworthy Computing.
-
Updates: PsExec v2.0, RAMMap v1.3, Sigcheck v2.0
PsExec v2.0: PsExec, a popular utility for executing processes on remote systems, introduces a new option, -r, that specifies the name PsExec assigns to its remote service. This can improve performance when multiple users are interacting concurrently with a system, since each will have a dedicated PsExec service.
-
Advancing the Discussion on Cybersecurity Norms
Posted by Matt Thomlinson, general manager, Trustworthy Computing
-
Announcing the General Availability of Windows Server 2012 R2: The Heart of Cloud OS
For years now, Microsoft has been building and operating some of the largest cloud applications in the world. The expertise culled from these experiences along with our established history of delivering market-leading enterprise operating systems, platforms, and applications has led us to develop a new approach for the modern era: the Microsoft Cloud OS.
-
The Threat Landscape in Canada
Last week I had the opportunity to speak at the Security Education Conference Toronto 2013 (SECTor). I love Canada; Toronto is an amazing city, and the conference was excellent.
-
10 years of Update Tuesdays
On October 1, 2003, Microsoft announced it would move to a monthly security bulletin cadence. Today, marks 10 years since that first monthly security update. We looked at many ways to improve our security preparedness and patch timing was the number one customer request. Your feedback was clear and we delivered a predictable schedule.
-
October 2013 Security Bulletin Webcast, Q&A, and Slide Deck
Today we’re publishing the October 2013 Security Bulletin Webcast Questions & Answers page. We fielded 11 questions during the webcast, with specific bulletin questions focusing primarily on the SharePoint (MS13-084) and Kernel-Mode Drivers (MS13-081) bulletins. There was one additional question that we were unable to answer on air, and we have included a response to that question on the Q&A page.
-
The October 2013 security updates
This month we release eight bulletins – four Critical and four Important - which address 25* unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080, MS13-081, and MS13-083.
-
An update on the bounty programs
Back in June of this year, we announced three new bounty programs that will pay researchers for techniques that bypass built-in OS mitigations and protections, for defenses that stop those bypasses and for vulnerabilities in Internet Explorer 11 Preview. This past Friday, we provided some additional details about the results of the IE11 Preview bounty program, which covered the first 30 days of the preview period. Today, we are announcing James Forshaw, a security researcher with Context Information Security, has been awarded the first Mitigation Bypass Bounty, which comes with a prize of $100,000.00. As a reminder, this is an ongoing program, so if you are interested in participating, check out all the details here.
-
Strengthening Cybersecurity Through National Strategies: Foundations for Security, Growth, and Innovation
Information and Communications Technology (ICT) offers great benefits for states and their citizens alike—increased efficiency and transparency in government, improvements in civil society, and it has become a major driver of economic growth. Yet along with these benefits have come new threats, including cybercrime such as identity theft and fraud, politically motivated attackers who threaten critical infrastructure, and sophisticated economic and military espionage. A series of recent cyberattacks have disrupted the critical operations of major energy and financial companies. These developments, and others, have made cybersecurity a top priority for governments around the world, Read more
-
EMC Support for the SMB 3.0 Protocol – the Future of Storage Protocols
One of the key issues this blog has covered recently is the transformation of storage. Microsoft is focused on helping customers control the costs of storage, whether by using industry-standard hardware or simplifying existing hardware infrastructure. To that end we have made significant investments in the SMB 3.0 protocol for file-based storage. This helps customers use existing network infrastructure to achieve Fibre Channel-like performance, regardless of the underlying storage subsystem.
-
Advance Notification Service for October 2013 Security Bulletin Release
Today we’re providing advance notification for the release of eight bulletins, four Critical and four Important, for October 2013. The Critical updates address vulnerabilities in Internet Explorer, .NET Framework and Windows. The Critical update for Internet Explorer will be a cumulative update which will address the publicly disclosed issue described in Security Advisory 2887505.