Jesper's Blog

Obligatory file photo: I am a Senior Security Strategist in the Security Technology Unit at Microsoft. My job is to explain to our customers how to run Microsoft products securely, and to the extent that it is needed, help the product groups figu

January, 2006

  • More security theater, in the air

    Recently I was on yet another flight, trying to get some e-mail done. This time, however, I was answering e-mail offline on my SmartPhone. Of course, the phone was in flight mode so the radio was off. I wouldn't want to "interfere with the aircrafts navigation...
  • More on Using ISA to Block WMF Attacks

    Jim Harrison has created a very cool script to do much better blocking of the WMF exploit in ISA server. The script is nice because it sets up a policy that actually parses the request body and blocks WMF files that are renamed to something else by using...
  • Ready! Set! Go...patch your stuff!!!

    OK, you have probably seen it, but the official update for the WMF vulnerability was just posted! The bulletin is titled MS06-001 . The updates are on Windows Update , as well as on the download center. Links to the Download Center updates are in the...
  • Conscientious Risk Management and WMF

    This past week there have been a lot of questions about the WMF vulnerability, what Microsoft is doing, and what the community should do to protect against it. For many reasons, Microsoft's response to the problem is best left to those who do this for...