Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information

Browse by Tags

Related Posts
  • Blog Post: 10 Years of Trustworthy Computing at Microsoft

    Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this...
  • Blog Post: Security Updates and Exploit Code

    In our last update cycle we published the security bulletin MS12-020 Vulnerabilities in Remote Desktop Could Allow Remote Code Execution . Relatively soon after the release, there was a public exploit code available - we informed here: Proof-of-Concept Code available for MS12-020 . This would not necessarily...
  • Blog Post: Microsoft Security Update Guide, Second Edition

    A while ago we released the Microsoft Security Update Guide to explain how we release security updates and how you should/could work with our updates. It encompasses these themes: Get to know the security update release process Learn how to evaluate risk See how to mitigate security risks Understand...
  • Blog Post: Security of Car Software

    We have seen some of the attacks recently, where people started to attack either the locks or the technology/software in the car itself controlling the chassis etc. On DarkReading I was just reading this article: Car Systems Reminiscent of Early PCs One of the things I do not get with cars is the way...
  • Blog Post: The Risks of Unofficial Patches

    This is quite a normal scenario: A zero-day pops up on the Internet by a security researcher. Immediately afterwards we see the first exploits appearing and being integrated into the different attack tools. Now, the race started: The vendor has to develop a security update, the criminals try to exploit...
  • Blog Post: Implementing the Top 4 Defense Strategies

    The Australian Defense Signals Directorate maintains a list of the Top 35 Mitigation Strategies against targeted intrusions. This is just a reference to the top strategies: Patch Applications Patch the Operating System Minimize the use of local admin Application whitelisting … Looking at these 35 strategies...
  • Blog Post: Assessing the risk of the August security updates

    This month it is pretty important to read the Security Research and Defense blog post: Assessing the risk of the August security updates It might help you to get an overview on the biggest release ever Roger
  • Blog Post: On the effectiveness of DEP and ASLR

    Our Security Research and Defense team published a blog post, which is really interesting to read to understand how to protect Windows Vista and Windows 7: On the effectiveness of DEP and ASLR . There is a lot of information on how both raise the bar for attackers. These are the key take away: DEP and...