Archives
-
Examining Korea’s Rollercoaster Threat Landscape
The last time I wrote about the threat landscape in the Republic of Korea, its malware infection rate had increased six-fold in the first six months of 2012. Korea has had one of the most active threat landscapes in the world for many years. According to the latest data published in the Microsoft Security Intelligence Report Volume 14, the last half of 2012 was no different. Figure 1 provides the raw number of systems that were disinfected in Korea and other relatively active locations in each of the four quarters of 2012. Read more
-
Microsoft Releases Security Advisory 2887505
Today we released Security Advisory 2887505 regarding an issue that affects Internet Explorer. There are only reports of a limited number of targeted attacks specifically directed at Internet Explorer 8 and 9, although the issue could potentially affect all supported versions. This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type. This would typically occur when an attacker compromises the security of trusted websites regularly frequented, or convinces someone to click on a link in an email or instant message. Running modern versions of Internet Explorer ensures that customers receive the benefit of additional security features that can help prevent successful attacks.
While we are actively working to develop a security update to address this issue, we encourage Internet Explorer customers concerned with the risk associated with this vulnerability, to deploy the following workarounds and mitigations from the advisory: -
Financial Services: A Survey of the State of Secure Application Development Processes
The financial services industry is one of the world’s largest industries by monetary value, and an industry which has a direct impact on the lives of billions of people around the world. Organizations in the financial services industry handle trillions of transactions each year involving sensitive information about individuals, companies, and other third parties. To help protect this sensitive information it is important that financial services organizations are developing, procuring, and using software applications that have been developed with security in mind.
-
September 2013 Security Bulletin Webcast, Q&A, and Slide Deck
Today we’re publishing the September 2013 Security Bulletin Webcast Questions & Answers page. The majority of questions focused on Office bulletins, especially SharePoint Server (MS13-067). We received multiple Office related questions that were very similar in nature, so the questions have been merged, as applicable, with consolidated answers provided. We were able to answer six questions on air, and those we did not have time for have been included on the Q&A page.
-
Lovely tokens and the September 2013 security updates
Helen Hunt Jackson famously wrote, “By all lovely tokens September is here, with summer’s best of weather and autumn’s best of cheer.” I share Helen’s clear adoration for this time of year. As a sports fan, there are so many “lovely tokens” to enjoy. The baseball pennant race is heating up, college and pro football are underway, and various soccer leagues (real football to the rest of the world) continue. As a parent, there are the “lovely tokens” of my kids returning to school, which brings a reminder of summer’s passing and excitement for another year of learning, growing, and adjusting to a new routine. For me, the routine is set: the second Tuesday of the month is here and with it comes a round of “lovely tokens” to help protect our customers.
-
Attention TechNet and MSDN Subscribers: Windows Server 2012 R2 available for download today
Hi, all,
-
Windows Server 2012 RTM Now Available for MSDN and TechNet Subscribers
You asked, we delivered. As announced on Steve Guggenheimer's blog, and Microsoft VP Brad Anderson’s blog post, “Ready Now for TNS & MSDN: Download Windows Server 2012 R2”, the Released to Manufacturing (RTM) bits for Windows 8.1 and Windows Server 2012 R2 are now available for download to current MSDN and TechNet subscribers.
-
CISO Perspectives on Compliance in the Cloud
Regulatory compliance is a hot topic among many of the customers I talk to. Of particular interest is compliance as it relates to the cloud. It is a challenging topic and there are many regulations that Chief Information Security Officers (CISOs) need to be aware of and adhere to and these can vary significantly by industry and location.
-
Happy Birthday Windows Server 2012 – What Superhero Is it?
Birthdays are always special and we wanted to take this moment to celebrate the birthday of a special product. This week we are celebrating the birthday of Windows Server 2012. The product has done really well in the market and has super human strength. So here’s a question for you, “If Windows Server 2012 were a superhero, who would it be?”
-
Advance Notification Service for September 2013 Security Bulletin Release
In celebration of kids heading back to school, today we’re providing advance notification for the release of 14 bulletins, four Critical and 10 Important, for September 2013. The Critical updates address issues in Internet Explorer, Outlook, SharePoint and Windows.
-
CISO Perspectives on Risk
Many of the Chief Information Security Officers (CISOs) and security executives that I talk to tell me that they are always craving information. It always seems as though while some parts of their job responsibilities are under control, they think that other areas need more of their attention or could be more efficiently managed. Since they typically have limited time, limited information and limited resources, they look for sources of information that are tailored for their specific needs, making the information easy to consume and highly valuable. One such source of information for security executives is… other security executives. Most, if not all of the CISOs that I talk to, rely on other security executives in the industry to provide insights into topics they are interested in. When they can get valuable information and advice on an important topic from someone doing a similar job in another organization, they typically are willing to listen and engage. Read more
-
The Hybrid Cloud Storage Transformation
A frustrating reality for IT leaders is that their teams continue to struggle with the complications of data growth even though they spend more money on storage every year. It’s not surprising that IT leaders are looking for new storage architectures to help them solve their scalability problems and reduce their costs. A post to this blog in June briefly discussed the problems customers are having with data growth and mentioned how a StorSimple Cloud-integrated Storage system could be used to alleviate them. This post expands on that conversation and introduces the Microsoft hybrid cloud storage solution.