Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information
Tags

Browse by Tags

TechNet Blogs » Roger's Security Blog » All Tags » microsoft products
Related Posts

  • Blog Post: Bitlocker now FIPS 140-2 Certified for Windows Vista SP1 and Windows Server 2008

    rhalbheer
    Just a quick one: We received the FIPS 140-2 certification for Bitlocker in Windows Vista SP1 and Windows Server 2008. The certificates were posted on the CMVP website on November 25th. The Security Policy Document along with the certificates can be viewed at, http://csrc.nist.gov/groups/STM/cmvp/documents...
    on 1 Dec 2008

  • Blog Post: File Classification Infrastructure: More content

    rhalbheer
    At the Analyst Event last week I was asked more than once about the File Classification Infrastructure. As it was something I never looked into the details, I started from the blog post I wrote mid May File Classification Infrastructure in Windows Server 2008 R2 and just wanted to collect some information...
    on 29 Jun 2009

  • Blog Post: Introducing Microsoft Office Isolated Conversion Environment

    rhalbheer
    Over the last few months it became evident: The attacks are moving up the stack. We see less and less attacks on the operating systems but much, much more on the application. This is a trend that was basically predicted and unfortunately in this case the prediction was true. We suffered ourselves...
    on 23 May 2007

  • Blog Post: Security Advisory on the recent Internet Explorer Vulnerability

    rhalbheer
    I guess you might have seen it by now but if not, please make sure you read and understand the material available: This night we released a Security Advisory on a Vulnerability in Internet Explorer Could Allow Remote Code Execution . The reason for that is that our investigations have shown that this...
    on 15 Jan 2010

  • Blog Post: Identity in the Cloud

    rhalbheer
    Kim Cameron, one of our key identity architects had an interesting presentation on identity in the cloud and a corresponding interview. Both are worth looking at if you are planning to move into the direction of the cloud. Especially as it is definitely one of the key challenges: This is Kim's presentation...
    on 25 May 2010

  • Blog Post: Testing our Security Technology

    rhalbheer
    Quite a while ago, I blogged on Virtual Labs, an offering we are making to you to get your hands dirty with our products and give you the opportunity to work with different hands-on labs. There is the VirtualLabs offering, containing MSDN and TechNet labs. The idea behind them is: It's simple: no...
    on 5 May 2008

  • Blog Post: Some Thoughts on UAC

    rhalbheer
    I blogged several times already on UAC as this has been (and partly still is) a very disputed security feature in Windows Vista (which I still support!). I just found today a not really new blog post on UAC, which I think is worth reading. It is from April this year and is called UAC: Desert Topping...
    on 6 Oct 2008

  • Blog Post: Links to Microsoft Security Pages

    rhalbheer
    Our Chief Security Advisor in Italy spent quite some time to collect a list of web-pages and blogs with regards to Microsoft and Security. If you are looking for something, go there and find it J http://blogs.technet.com/feliciano_intini/pages/microsoft-blogs-and-web-resources-about-security.aspx ...
    on 24 Jun 2008

  • Blog Post: Microsoft Security Compliance Manager 2 ready for download

    rhalbheer
    If you are a regular reader of my blog, you should know the Security Compliance Manager (if you are not, you should become a regular reader of my blog ). Version 2 of the Microsoft Security Compliance Manager (SCM 2) is now available for download. If you do not know it, this is the way our Solution Accelerator...
    on 25 Oct 2011

  • Blog Post: Participate in the Windows Server 2008 Security Guide Beta program!

    rhalbheer
    We just started the Beta program for the Windows Server 2008 Security Guide. So, if you plan to roll out Windows Server 2008 soon, participate and have a look at it: Here is the Technet Executive overview. To join the Beta program, click here . Roger
    on 12 Jan 2008

  • Blog Post: The next step at home: Windows Home Server

    rhalbheer
    One of the big challenges we face all the time is how to control one of these growing networks at home. How shall I help my neighbors to actually manage their growing environment with different PCs (one per parent and one per kid and a mediacenter and, and, and)? I assume that you know that feeling....
    on 6 Nov 2007

  • Blog Post: Strong Authentication and Privacy – A Contradiction in Terms?

    rhalbheer
    You know that I am not a big fan of the requirement for having all Internet users authenticate strongly. There are people in the security arena who think that this is the only way to fight cybercrime – and in parallel accept that they would kill freedom of speech. I recently had a good discussion...
    on 17 Mar 2010

  • Blog Post: How to Hack Windows Vista

    rhalbheer
    No, no. For sure. I am not going to give you advise how to hack – but look at this video: http://www.offensive-security.com/movies/vistahack/vistahack.html . I am always amazed about these kind of videos, which still surprise people. If look years back, we published the 10 Immutable Laws of Security...
    on 27 May 2008

  • Blog Post: 2007 Microsoft Office Suite – Service Pack 2 released

    rhalbheer
    Just a quick one. We released SP2 for Office 2007. You can download it here . Roger
    on 28 Apr 2009

  • Blog Post: Internet Explorer 9, Release Candidate available

    rhalbheer
    You might have seen it: IE9 RC is now ready for download. I am using IE9 since quite a while and it really, really rocks. Install it from here . Roger
    on 11 Feb 2011

  • Blog Post: Update on our Piracy Strategy - Important Changes to WGA

    rhalbheer
    From time to time people ask me about piracy and security. Let's start with piracy first. If you look at the 2007 Global Piracy Study by BSA , the numbers are frightening. Looking at EMEA, it starts with Moldova on 94% pirated software to Denmark with 25% (which is still every fourth copy!) - the...
    on 4 Dec 2007

  • Blog Post: What is a „Kill-Bit“?

    rhalbheer
    We often refer the kill-bit in our Security Bulletins when it comes to ActiveX or COM-objects as a workaround. So, pretty often I get questions around the kill-bit. The Secure Windows Initiative (SWI) just started to publish a series of three posts about that. The Kill-Bit FAQ: Part 1 of 3 Roger
    on 9 Feb 2008

  • Blog Post: Symantec clears Vista on malware

    rhalbheer
    There is a nice article, where Symantec talks about Windows Vista: http://www.vnunet.com/vnunet/news/2184521/symantec-clears-vista-malware They quote the Symantec report and then talk to a person from Sophos. Let's look at a few quotes: Graham Cluley, senior technology consultant at Sophos ...
    on 2 Mar 2007

  • Blog Post: Securing My Infrastructure: Introduction

    rhalbheer
    As you probably know, some time ago, I asked for feedback and themes you are interested in. Some of you replied to me privately, some with comments and I would like to thank you for the constructive feedback. One of the inputs I got several times is that you would like to get more information how to...
    on 29 Jan 2008

  • Blog Post: The “successful” attack on Cardspace

    rhalbheer
    I guess you read it as it was pretty wide-spread in the press in the last few days: On the Insecurity of Microsoft's Identity Metasystem CardSpace . Well, is there any official Microsoft reaction to it? No, not yet and if you look a little bit more in depth into it, I doubt that there will be. Why...
    on 2 Jun 2008

  • Blog Post: Securing your Web Browser

    rhalbheer
    Cert.org published guidance on how to secure your browser. Here you would find them if you are interested: Securing Your Web Browser I am just not clear, how the browsing experience for my mom and dad would be… Roger
    on 29 Apr 2008

  • Blog Post: Insight into IPSec

    rhalbheer
    I hope you enjoyed Christmas as much as I did (now working on losing weight again J ). Soon I will be in the mountains but before I leave, I found something pretty interesting to read: Tech Insight: Microsoft's IPSec Roger
    on 27 Dec 2007

  • Blog Post: The Windows 7 UAC “Vulnerability”

    rhalbheer
    It is always interesting how some things spin off. The claimed UAC vulnerability in Windows 7 in one of those events. There are numerous blogs which claim that they found a huge vulnerability in Windows 7. The reason for that is that you can change the settings for UAC without getting a UAC prompt. ...
    on 3 Feb 2009

  • Blog Post: Windows 7 Beta and Windows Live

    rhalbheer
    You might have heard it: Yesterday at CES, Steve Ballmer made two very important announcements: The availability of Windows 7 Beta And the availability of the latest version of Windows Live So, start having a look at these two new products. It is worth it! Roger
    on 8 Jan 2009

  • Blog Post: Adding additional File Formats in Office 2007 SP2

    rhalbheer
    We just announced that we will add support for additional file formats in Office System 2007 SP2. Just read more on Open XML, ODF, PDF, and XPS in Office Roger
    on 22 May 2008