Microsoft Switzerland Security Blog

Security information brought to you by the Swiss Security Team.

March, 2006

  • Vista will remove 'low-hanging fruit'

    I do not know whether you know John Pescatore, Gartner. He is definitely not what you can call a Microsoft fan. Today he seems to have made the following statement: "It [Vista] is going to remove the low-hanging fruit. It is going to make it that...
  • Pescatore (Gartner) on 3rd Party Patch

    A pretty cool quote from John Pescatore, Gartner on third-party patches: My neighbor is a smart guy, and he designs medical machinery. However, I'm pretty sure I won't be using his homegrown remedy for bird flu. I'm also really sure I don't want my...
  • Vulnerabilities to Sell

    The trend continues: Initially there has been the debate around irresponsible and responsible disclosure in the community. You might remember that there have been security researchers out there telling us that the only way to force the vendor to fix security...
  • We are at TechDays

    I know that we have been pretty slow on blogging over the last weeks but we have been struggling with the preparation for TechDays. They will take place next week in Interlaken immediately after x.days ( www.xdays.ch and www.techdays.ch ). We (Urs...
  • Problems with Nyxem?

    It is pretty interesting: There is often just one AV-vendor making noise around some issues and once again, they are talking about Nyxem. Guess what, they have been the ones talking about Nyxem a month ago, where everybody else was calming down the situation...
  • News from Internet Explorer 7

    Last Friday and this Monday we had the pleasure to host two persons from the IE-team from Redmond. They ran several presentations and hosted a press roundtable. It is really exciting what we will bring as soon as we release IE7. If you want to prepare...
  • Hybrid Worm?

    F-Secure is claiming news about two new mobile viruses: One that is built on Java 2 Mobile Edition sending SMS to a pay-per-use number in Russia (no wanting to steal money) and the second that would be hybrid to be transferred from a PocketPC to a PC....
  • ActiveX Change can be disabled

    Mike Nash just published information about the ActiveX fix on the MSRC blog. The most important part is: New machines that ship with Windows will include the ActiveX change. For our April IE cumulative security update, we will include the IE...
  • Hybrid Worm (2)???

    It seems that I hit the nail yesterday as we had some customer inquiries yesterday and today. Computerworld and some other press articles took this up. Matter of fact is: MARA claims that this virus exists ( http://www.mobileav.org/ ), F-Secure took it...
  • Public IE Vulnerability

    I get questions regarding the recently published vulnerability that might crash IE. The best information at the moment regarding this, you can find at the blog of the Microsoft Security Response Center: http://blogs.technet.com/msrc/default.aspx Roger
  • Application Threat Modelling

    This February I had the opportunity to meet our internal IT Threat Modelling team together with a customer and I was really impressed how our internal IT is doing threat modelling of applications they are buying and using in our network. Now, they released...
  • IE Vulnerability Update

    There are at least two third party patches for the IE vulnerability out there. Please be aware of two things: They do not fix the actual vulnerability. The application of a third-party patch is not supported. At the end it is part of your risk...
  • ActiveX Behavior Change

    Several times already we (Microsoft) informed about a change we will have to make in the way we handle ActiveX. On February 28 we published a Security Advisory to pre-warn about this change: http://www.microsoft.com/technet/security/advisory/912945.mspx...