On Tuesday, December 27, 2005, Microsoft became aware of public reports of malicious attacks on some customers involving a previously unknown security vulnerability in the Windows Meta File (WMF) code area in the Windows platform.
Upon learning of the attacks, Microsoft mobilized under its Software Security Incident Response Process (SSIRP) to analyze the attack, assess its scope, define an engineering plan, and determine the appropriate guidance for customers, as well as to engage with anti-virus partners and law enforcement.
Microsoft confirmed the technical details of the attack on December 28, 2005 and immediately began developing a security update for the WMF vulnerability on an expedited track. Read the rest of the Advisory here
The updated Threats and Countermeasures guide provides you with a reference to all security settings that provide countermeasures for specific threats against current versions of the Microsoft Windows operating systems. This guide is intended primarily for consultants, security specialists, systems architects, and IT professionals who are responsible for the planning stages of application or infrastructure development and the deployment of computers that run Windows XP with SP2 or Windows Server 2003 with SP1 in enterprise environments. This guide is not intended for home users.
Microsoft may take the most heat on security vulnerabilities, but other software vendors need to catch up when it comes to dealing with flaws found in their products, IT execs and analysts say. Read the Computerworld article here http://www.computerworld.com/securitytopics/security/holes/story/0,10801,107938p2,00.html
If you're a student, or know a keen student IT Professional, make sure you enter the IT Invitational in the Imagine Cup 2006. The IT Invitational highlights the art and science of developing, deploying, and maintaining IT systems that are efficient, functional, robust and secure. In most scenarios IT professionals have a base set of tools and techniques, but still have to work through custom needs and configurations that require an intimate understanding of how all the pieces fit together. They also have to know how far the systems can be pushed before they might break. This means that every coffee shop, office environment, university, and even restaurant requires these skills to run well. The IT Invitational challenges students to demonstrate proficiency in the science of networks, databases, and servers, as well as the areas of analysis and decision making in IT environments.
General Guidelines
Individual competition
First round is an online quiz
All students achieving the minimum qualifying mark will advance to the 2nd round
Second round is a series of business cases that will need to be solved
6 individuals advance to final competition in India

Prize Amounts for Worldwide Finals
First Place - $8,000
Second Place - $4,000
Third Place - $3,000
Additional prizes – Competitors that achieve advancement to the worldwide finals will also receive travel and accommodations to attend the final competition in Delhi, India.

Calendar
Nov 1, 2005 – Registration Opens
Feb 6, 2006 – Round One Begins
Mar 15, 2006 – Registration Closes / Round One Closes
April 1, 2006 – 2nd Round finalists announced
April 5, 2006 – 2nd Round Begins
May 8, 2006 – 2nd Round Closes
May 22, 2006 – 6 Worldwide finalists announced

Register Here!
Carrying on from the previous post around the recent Security Threat, here is an update: Microsoft has completed development of the security update for the vulnerability. The security update is now being localized and tested to ensure quality and application compatibility. Microsoft’s goal is to release the update on Tuesday, January 10, 2006, as part of its monthly release of security bulletins. This release is predicated on successful completion of quality testing.
The update will be released worldwide simultaneously in 23 languages for all affected versions of Windows once it passes a series of rigorous testing procedures. It will be available on Microsoft’s Download Center, as well as through Microsoft Update and Windows Update. Customers who use Windows’ Automatic Updates feature will be delivered the fix automatically.
Based on strong customer feedback, all Microsoft’s security updates must pass a series of quality tests, including testing by third parties, to assure customers that they can be deployed effectively in all languages and for all versions of the Windows platform with minimum down time.