Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - lets share interesting security information
Chief Security Advisor
Critical Infrastructure Protection
Freedom of Speech
Securing My Infrastructure
Security Intelligence Report
Browse by Tags
Roger's Security Blog
Tagged Content List
Keep all your software updated and current
I know that I keep going and going on that. When I talk to customers and mainly to providers of the critical infrastructure about security, one of the key things to me is to keep the software updated. It is about patching and it is about staying on the latest version of your software. To me, today Windows...
12 Apr 2012
Implementing the Top 4 Defense Strategies
The Australian Defense Signals Directorate maintains a list of the Top 35 Mitigation Strategies against targeted intrusions. This is just a reference to the top strategies: Patch Applications Patch the Operating System Minimize the use of local admin Application whitelisting … Looking at these 35 strategies...
13 Dec 2011
Microsoft Security Update Guide, Second Edition
A while ago we released the Microsoft Security Update Guide to explain how we release security updates and how you should/could work with our updates. It encompasses these themes: Get to know the security update release process Learn how to evaluate risk See how to mitigate security risks Understand...
28 Mar 2011
Attacks on Application Level
That the attacks move up the stack is really nothing new. However, it increases the challenge to secure your environment as you have to take Patch Management all the way. I blogged on that several times already e.g.: Patch Management, a key step towards compliance! Patch Management – Cover the whole...
18 Jan 2011
Behind the Curtain of Second Tuesdays: Challenges in Software Security Response
You might know about Bluehat, which is an internal security conference we run several times an year. Some of the presentations we record and make them publically available. There is a really good one on the Microsoft Security Response Center. Dustin (the presenter) blogged on it Behind the Curtain of...
2 Dec 2010
Move to latest versions - for security reasons
We all know that Windows XP is rock-solid but not capable anymore to defend against today’s attacks and the same is true for IE6. Having been great products, when they were launched, the threat landscape changed significantly since then. Windows 7 has a great potential to help customers now...
2 Nov 2010
Stuxnet: Future of warfare? Or just lax security?
What is your view?: Stuxnet: Future of warfare? Or just lax security? Roger
27 Sep 2010
The Risks of Unofficial Patches
This is quite a normal scenario: A zero-day pops up on the Internet by a security researcher. Immediately afterwards we see the first exploits appearing and being integrated into the different attack tools. Now, the race started: The vendor has to develop a security update, the criminals try to exploit...
17 Sep 2010
Support for Windows XP SP2 ends today!
I just wanted to remind you: The support for Windows XP SP2 ends today. I hope that this does not catch you by surprise. If you need all the information about which kind of support ends when for which product, please consult out Lifecycle page. If you have a Premier Support contract with us, your Technical...
13 Jul 2010
Microsoft Security Intelligence Report – What it means for EMEA
“Unfortunately” I have been on vacation when we released the Security Intelligence Report last week. Nevertheless I would like to take the opportunity and look at it more from a EMEA perspective. One of the interesting data points we always publish is the Malware Infection Rate. Remember, there is a...
5 May 2010
The Microsoft Security Update Guide
I know that these news are not new but I was away when we announced it and to me it is important enough to take it up afterwards. Over the last few months we worked on a document explaining everything which is going on around an Update Tuesday. So, what is an Advanced Notification, what information do...
13 Aug 2009
Patch Management, a key step towards compliance!
As you might have read, I recently blogged about my infrastructure and the future of a platform towards a better management of compliance – honestly, I actually played with our latest technology . I wrote about Deploying PKI Time Sync on Virtual DCs Now, a necessary and very important next step towards...
22 May 2009
MS09-017: An out-of-the-ordinary PowerPoint security update
Our Security Research and Defense team blogged on the PowerPoint security update we published on Tuesday. There are a few things which were not “business as usual”: The update for the Windows version of PowerPoint went out before the Mac version. The reason is that we did not want to hold the Windows...
13 May 2009
Patch Management – Cover the whole 9 yards
I pretty often have discussions about Patch Management with our customers. I think it is a very important discussion as I see too many customers not patching at all. However, taking the shining examples – they often look at the Microsoft product suite “only”. You might remember that I blogged about my...
26 Mar 2009
Qtel’s Guide to a Faster Internet Experience
I like that: As you probably know, I did a tour through the Gulf when we launched the Security Intelligence Report last year. One of the reasons was that we know that the Gulf has a pretty high malware infection rate. You can read this in the corresponding blog post: Security Intelligence Report v5 Live...
9 Mar 2009
Would a properly managed IT have withstood Conficker?
Before I start here: Let’s be clear that I will not say (and will never say) that if a customer was infected with Conficker he had a poorly managed network! I had a lot of discussions over the course of time about the reasons for customers being infected. We all know the attack vectors of Conficker but...
4 Mar 2009
Is there a Correlation between Stolen Software (Piracy) and Security/Patching?
Remark : A few weeks ago I made a post where I asked you about the correlation between Piracy and Security. I was talking about Piracy (stolen software) and got a lot of answers about Privacy (Data Protection) . So the following post is about stolen and illegal software… I was recently asked in a...
20 Jan 2009
Russian Roulette with your Network
First of all, before I really start, I hope that you all had a great start in 2009. Mine was actually pretty mixed. The good side was, how my year really started and what I saw when I looked out the window at January 1st (yes, I was on vacation skiing and this was how the view was almost each and every...
4 Jan 2009
98% unpatched – and I am one of them :(
Well, you saw my post earlier this week on the 1.96% of PCs being updated according to Secuina . Well, as time does, I decided to install this tool as well to look at it. I did an initial scan on my home PC and this was the outcome: Outch, this hurts my soul but shows as well the problem: I definitely...
5 Dec 2008
Only 1.91% of PCs are patched!
Well, honestly, I am not completely clear how statistically relevant this data point is. I just read it in a secunia blog where they published figures of users of their free solution. This is data of the last few weeks and looks into the results of the first scan of the product on a PCs. It covers 20...
4 Dec 2008
Attacks on MS08-067
As we were pushing on our Out-of-Band release earlier this month we tried to make you understand that immediate deployment is needed as the vulnerability is high risk. Otherwise we would not have gone out of band… Interestingly enough, we have not seen widespread attacks since now. Earlier today now...
26 Nov 2008
Servers still not patched
I just read an article this morning on Linux servers under the Phalanx gun: A problem with people, not code . There were quite some things which made me think when I read it: There was a statement in there, which I – obviously – did not like at all: Linux may be inherently more secure as a system...
29 Aug 2008
Page 1 of 1 (22 items)
© 2013 Microsoft Corporation.
Privacy & Cookies