Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - let's share interesting security information

February, 2009

  • Pre-warning: Windows Server 2003 SP1 Out of Support in April

    During Conficker we realized that a lot of customers are on unsupported OSs. I would like to draw your attention to a few things: There is a webpage called Microsoft Support Lifecycle where you find all the information on the lifecycle of our products...
  • Two new Security Advisories

    I just want to make sure you have seen it: There were some reports in the last day or two about targeted attacks on Excel. We are aware of these reports and are looking into this. In order to give you our assessment of the situation, we published Microsoft...
  • Security Compliance Management Toolkit

    A few days ago, we released the Security Compliance Management Toolkit. I think that this toolkit might definitely help you to secure your environment and monitor it against a security baseline: Security Compliance Management Toolkit Series. Roger
  • Gazelle – the secure Web browser of the future?

    This is an interesting paper from Microsoft Research. Now, before you read it: This is research and by no means a commitment to develop it for IE 9. The Multi-Principal OS Construction of the Gazelle Web Browser. Roger
  • The Impact of the Security Development Lifecycle

    Jeff Jones just started a blog series to show the impact of our Security Development Lifecycle on the updates to be deployed. It is a pretty interesting read. Here is the February version: Feb09 Security Bulletin SDL Benefit Summary. Roger
  • Scam Awareness Month in the UK

    I guess you know Get Safe Online by now. They are publishing a lot of good and insightful information. Now, they collaborate with the Office of Fair Trading in the UK for a Scam Awareness Month. Again, there is a lot of excellent information...
  • News from the Interop front

    Not directly security related: I am often asked about the interoperability between our products and third-party products. Additionally, people claim that we do not allow others to use our technology – that we lock you in. Just now I read the following...
  • Additional Conficker Guidance

    Yes, Conficker is far from being over. We still see a lot of infections. Therefore we decided to publish additional guidance for Conficker: Microsoft Conficker guidance page for IT Professionals and those focused on security in the enterprise: http:/...
  • UAC in Windows 7: The “Final” Decision

    Jon and Steven released another blog post on UAC and explained their decision on how to change things: They start with the risk of blogging: When we started the “E7” blog we were both excited and also a bit uneasy. The excitement is obvious. The unease...
  • Both Sides of the Windows 7 UAC Problem

    I have to come back to the UAC problem again. I just read a good article from Larry Seltzer on Both Sides of the Win7 UAC Problem. I think it is one of the first ones I have read which takes the emotions out of the discussion and tries to understand...
  • The Way to a Zero Day

    No, sorry, but this is not a tutorial. I just read this blog post on Websense, which is pretty interesting: The way to a zero-day. Roger
  • The Windows 7 UAC “Vulnerability”

    It is always interesting how some things spin off. The claimed UAC vulnerability in Windows 7 is one of those events. There are numerous blogs which claim that they found a huge vulnerability in Windows 7. The reason for that is that you can change the...