Today, the MSRC released its third annual progress report highlighting advancements of key Microsoft programs designed to help prevent and defend against online threats. The Microsoft programs featured in this paper include the following: The Microsoft Active Protections Program (MAPP) and Microsoft Vulnerability Research (MSVR) programs are intended to help protect customers through innovative industry collaboration and information sharing. The Exploitability Index provides additional information...

Protecting the general computing ecosystem is a really tough job, and given some of the media headlines, it’s easy to get discouraged and wallow in the problems. It seems like we’re constantly bombarded with statistics measuring the number of bugs, vulnerabilities, or attacks in an attempt to build an accurate “state of the state.” The popular question of late seems to be “Is the ecosystem getting more or less secure?” In my role, I talk with a lot of customers...

Hello, Today we published the July Security Bulletin Webcast Questions & Answers page . We fielded thirteen questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. There were two questions during the webcast that we were unable to answer and we have included those questions and answers on the Q&A page. We invite our customers to join us for the next public webcast on Wednesday, August 10th at 11am PDT (UTC -7), when we...

Hello all -- Over the years we’ve often talked about exploit mitigations – DEP, ASLR, SEHOP and so forth – as effective tools for improving computer security, reducing risk, preventing attacks, and minimizing operational disruption. Today we’re releasing a user’s guide to the toolbox: “Mitigating Software Vulnerabilities,” a white paper with practical information on choosing and enabling those mitigations. We hope this paper becomes an indispensable reference...

Hello all -- This week we released a special Security Intelligence Report that showcases some of the data we amassed in the wake of the big Rustock botnet takedown in the spring of 2010. The new SIR also delves into the diplomacy, secrecy and intellectual property law that all played important roles in the successful international effort that led to the takedown of the Rustock botnet on March 16. This was Microsoft’s second global botnet takedown effort, after Waledac in February, 2011...