TechNet
Products
IT Resources
Downloads
Training
Support
Products
Windows
Windows Server
System Center
Internet Explorer
Office
Office 365
Exchange Server
SQL Server
SharePoint Products
Lync
See all products »
Resources
Curah! curation service
Evaluation Center
Learning Resources
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Script Center
Server and Tools Blogs
TechNet Blogs
TechNet Flash Newsletter
TechNet Gallery
TechNet Library
TechNet Magazine
TechNet Subscriptions
TechNet Video
TechNet Wiki
Windows Sysinternals
Virtual Labs
Solutions
Networking
Cloud and Datacenter
Security
Virtualization
Updates
Service Packs
Security Bulletins
Microsoft Update
Trials
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Related Sites
Microsoft Download Center
TechNet Evaluation Center
Drivers
Windows Sysinternals
TechNet Gallery
Training
Training Catalog
Class Locator
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
e-Learning overview
Certifications
Certification overview
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Other resources
TechNet Events
Second shot for certification
Born To Learn blog
Find technical communities in your area
Support options
For small and midsize businesses
For enterprises
For developers
For IT professionals
From partners
For technical support
Support offerings
For home users
More support
Microsoft Premier Online
Microsoft Fix It Center
TechNet Forums
MSDN Forums
Security Bulletins & Advisories
International support solutions
Log a support ticket
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Sign in
Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - lets share interesting security information
Tags
Advisory
Anti-Malware
Applications
Architecture
Associations
Behaviour
Blog
botnet
Browsing
Chief Security Advisor
Children
Cloud
Cloud Computing
Collaboration
Competition
Compliance
Consumer
cost
Crime
Critical Infrastructure
Critical Infrastructure Protection
cybercrime
Cybersecurity Agenda
Data Protection
Development Lifecycle
Ecosystem
encryption
Event
Events/Training
Family
Freedom of Speech
Fun
Gaming
Government
Hacking
Home
Identity
Identity Theft
Incident Response
Incident Sharing
Incidents
Industry
Industry Associations
Internet Explorer
Interoperability
Law Enforcement
Legislation
Lifecycle
malware
Mass Mailer
Messaging
Microsoft
Microsoft products
Mindset
Mobile
Network
NGO
Online Safety
OpenSource
Passwrods
patch management
People
Phone
Piracy
Policies
Policy
Policy Makers
politics
Privacy
Processes
Products
protection
Real Life
risk assessment
risk management
Securing My Infrastructure
Security
Security Intelligence Report
Security Updates
Social Engineering
social media
Strategy
support
TechEd EMEA
TechEd-ITForum
Technology
Teens
Terrorism
trends
Trip
Trust
Trustworthy Computing
UN
University
Updates
Vulnerabilities
Windows
Windows Phone
worm
XBOX
Browse by Tags
TechNet Blogs
»
Roger's Security Blog
»
All Tags
»
security updates
Related Posts
Blog Post:
10 Years of Trustworthy Computing at Microsoft
rhalbheer
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this...
on
12 Jan 2012
Blog Post:
Security Updates and Exploit Code
rhalbheer
In our last update cycle we published the security bulletin MS12-020 Vulnerabilities in Remote Desktop Could Allow Remote Code Execution . Relatively soon after the release, there was a public exploit code available - we informed here: Proof-of-Concept Code available for MS12-020 . This would not necessarily...
on
19 Mar 2012
Blog Post:
Microsoft Security Update Guide, Second Edition
rhalbheer
A while ago we released the Microsoft Security Update Guide to explain how we release security updates and how you should/could work with our updates. It encompasses these themes: Get to know the security update release process Learn how to evaluate risk See how to mitigate security risks Understand...
on
28 Mar 2011
Blog Post:
Security of Car Software
rhalbheer
We have seen some of the attacks recently, where people started to attack either the locks or the technology/software in the car itself controlling the chassis etc. On DarkReading I was just reading this article: Car Systems Reminiscent of Early PCs One of the things I do not get with cars is the way...
on
9 Sep 2011
Blog Post:
The Risks of Unofficial Patches
rhalbheer
This is quite a normal scenario: A zero-day pops up on the Internet by a security researcher. Immediately afterwards we see the first exploits appearing and being integrated into the different attack tools. Now, the race started: The vendor has to develop a security update, the criminals try to exploit...
on
17 Sep 2010
Blog Post:
Implementing the Top 4 Defense Strategies
rhalbheer
The Australian Defense Signals Directorate maintains a list of the Top 35 Mitigation Strategies against targeted intrusions. This is just a reference to the top strategies: Patch Applications Patch the Operating System Minimize the use of local admin Application whitelisting … Looking at these 35 strategies...
on
13 Dec 2011
Blog Post:
Assessing the risk of the August security updates
rhalbheer
This month it is pretty important to read the Security Research and Defense blog post: Assessing the risk of the August security updates It might help you to get an overview on the biggest release ever Roger
on
10 Aug 2010
Blog Post:
On the effectiveness of DEP and ASLR
rhalbheer
Our Security Research and Defense team published a blog post, which is really interesting to read to understand how to protect Windows Vista and Windows 7: On the effectiveness of DEP and ASLR . There is a lot of information on how both raise the bar for attackers. These are the key take away: DEP and...
on
9 Dec 2010