Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information

Browse by Tags

Related Posts
  • Blog Post: Bitlocker now FIPS 140-2 Certified for Windows Vista SP1 and Windows Server 2008

    Just a quick one: We received the FIPS 140-2 certification for Bitlocker in Windows Vista SP1 and Windows Server 2008. The certificates were posted on the CMVP website on November 25th. The Security Policy Document along with the certificates can be viewed at, http://csrc.nist.gov/groups/STM/cmvp/documents...
  • Blog Post: File Classification Infrastructure: More content

    At the Analyst Event last week I was asked more than once about the File Classification Infrastructure. As it was something I never looked into the details, I started from the blog post I wrote mid May File Classification Infrastructure in Windows Server 2008 R2 and just wanted to collect some information...
  • Blog Post: Introducing Microsoft Office Isolated Conversion Environment

    Over the last few months it became evident: The attacks are moving up the stack. We see less and less attacks on the operating systems but much, much more on the application. This is a trend that was basically predicted and unfortunately in this case the prediction was true. We suffered ourselves...
  • Blog Post: Security Advisory on the recent Internet Explorer Vulnerability

    I guess you might have seen it by now but if not, please make sure you read and understand the material available: This night we released a Security Advisory on a Vulnerability in Internet Explorer Could Allow Remote Code Execution . The reason for that is that our investigations have shown that this...
  • Blog Post: Identity in the Cloud

    Kim Cameron, one of our key identity architects had an interesting presentation on identity in the cloud and a corresponding interview. Both are worth looking at if you are planning to move into the direction of the cloud. Especially as it is definitely one of the key challenges: This is Kim's presentation...
  • Blog Post: Testing our Security Technology

    Quite a while ago, I blogged on Virtual Labs, an offering we are making to you to get your hands dirty with our products and give you the opportunity to work with different hands-on labs. There is the VirtualLabs offering, containing MSDN and TechNet labs. The idea behind them is: It's simple: no...
  • Blog Post: Some Thoughts on UAC

    I blogged several times already on UAC as this has been (and partly still is) a very disputed security feature in Windows Vista (which I still support!). I just found today a not really new blog post on UAC, which I think is worth reading. It is from April this year and is called UAC: Desert Topping...
  • Blog Post: Links to Microsoft Security Pages

    Our Chief Security Advisor in Italy spent quite some time to collect a list of web-pages and blogs with regards to Microsoft and Security. If you are looking for something, go there and find it J http://blogs.technet.com/feliciano_intini/pages/microsoft-blogs-and-web-resources-about-security.aspx ...
  • Blog Post: Microsoft Security Compliance Manager 2 ready for download

    If you are a regular reader of my blog, you should know the Security Compliance Manager (if you are not, you should become a regular reader of my blog ). Version 2 of the Microsoft Security Compliance Manager (SCM 2) is now available for download. If you do not know it, this is the way our Solution Accelerator...
  • Blog Post: Participate in the Windows Server 2008 Security Guide Beta program!

    We just started the Beta program for the Windows Server 2008 Security Guide. So, if you plan to roll out Windows Server 2008 soon, participate and have a look at it: Here is the Technet Executive overview. To join the Beta program, click here . Roger
  • Blog Post: The next step at home: Windows Home Server

    One of the big challenges we face all the time is how to control one of these growing networks at home. How shall I help my neighbors to actually manage their growing environment with different PCs (one per parent and one per kid and a mediacenter and, and, and)? I assume that you know that feeling....
  • Blog Post: Strong Authentication and Privacy – A Contradiction in Terms?

    You know that I am not a big fan of the requirement for having all Internet users authenticate strongly. There are people in the security arena who think that this is the only way to fight cybercrime – and in parallel accept that they would kill freedom of speech. I recently had a good discussion...
  • Blog Post: How to Hack Windows Vista

    No, no. For sure. I am not going to give you advise how to hack – but look at this video: http://www.offensive-security.com/movies/vistahack/vistahack.html . I am always amazed about these kind of videos, which still surprise people. If look years back, we published the 10 Immutable Laws of Security...
  • Blog Post: 2007 Microsoft Office Suite – Service Pack 2 released

    Just a quick one. We released SP2 for Office 2007. You can download it here . Roger
  • Blog Post: Internet Explorer 9, Release Candidate available

    You might have seen it: IE9 RC is now ready for download. I am using IE9 since quite a while and it really, really rocks. Install it from here . Roger
  • Blog Post: Update on our Piracy Strategy - Important Changes to WGA

    From time to time people ask me about piracy and security. Let's start with piracy first. If you look at the 2007 Global Piracy Study by BSA , the numbers are frightening. Looking at EMEA, it starts with Moldova on 94% pirated software to Denmark with 25% (which is still every fourth copy!) - the...
  • Blog Post: What is a „Kill-Bit“?

    We often refer the kill-bit in our Security Bulletins when it comes to ActiveX or COM-objects as a workaround. So, pretty often I get questions around the kill-bit. The Secure Windows Initiative (SWI) just started to publish a series of three posts about that. The Kill-Bit FAQ: Part 1 of 3 Roger
  • Blog Post: Symantec clears Vista on malware

    There is a nice article, where Symantec talks about Windows Vista: http://www.vnunet.com/vnunet/news/2184521/symantec-clears-vista-malware They quote the Symantec report and then talk to a person from Sophos. Let's look at a few quotes: Graham Cluley, senior technology consultant at Sophos ...
  • Blog Post: Securing My Infrastructure: Introduction

    As you probably know, some time ago, I asked for feedback and themes you are interested in. Some of you replied to me privately, some with comments and I would like to thank you for the constructive feedback. One of the inputs I got several times is that you would like to get more information how to...
  • Blog Post: The “successful” attack on Cardspace

    I guess you read it as it was pretty wide-spread in the press in the last few days: On the Insecurity of Microsoft's Identity Metasystem CardSpace . Well, is there any official Microsoft reaction to it? No, not yet and if you look a little bit more in depth into it, I doubt that there will be. Why...
  • Blog Post: Securing your Web Browser

    Cert.org published guidance on how to secure your browser. Here you would find them if you are interested: Securing Your Web Browser I am just not clear, how the browsing experience for my mom and dad would be… Roger
  • Blog Post: Insight into IPSec

    I hope you enjoyed Christmas as much as I did (now working on losing weight again J ). Soon I will be in the mountains but before I leave, I found something pretty interesting to read: Tech Insight: Microsoft's IPSec Roger
  • Blog Post: The Windows 7 UAC “Vulnerability”

    It is always interesting how some things spin off. The claimed UAC vulnerability in Windows 7 in one of those events. There are numerous blogs which claim that they found a huge vulnerability in Windows 7. The reason for that is that you can change the settings for UAC without getting a UAC prompt. ...
  • Blog Post: Windows 7 Beta and Windows Live

    You might have heard it: Yesterday at CES, Steve Ballmer made two very important announcements: The availability of Windows 7 Beta And the availability of the latest version of Windows Live So, start having a look at these two new products. It is worth it! Roger
  • Blog Post: Adding additional File Formats in Office 2007 SP2

    We just announced that we will add support for additional file formats in Office System 2007 SP2. Just read more on Open XML, ODF, PDF, and XPS in Office Roger