Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

June, 2008

  • New Security Tools for IIS and SQL

    In case you didn't see it, the Microsoft Security Response Center (MSRC) team just announced the release of three tools to help customers fend off SQL injection attacks: UrlScan 3.0 Beta (see Wade Hilmo's blog for more), a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, UrlScan helps prevent potentially harmful requests. Microsoft Source Code Analyzer for SQL Injection (MSCASI) CTP ( see the SQL...
  • Download Hyper-V RTM for Windows Server 2008

    I converted my office fileserver to Windows Server 2008 (WS2008) a while back and I've never been happier - WS2008 is my favorite product ever. Nicely modular, pretty much everything turned off by default and some great tools for enabling just the components you need for a particular role. There is one more step I've been wanting to take and that is to enable the Hyper-V role and convert my fileserver over to just one virtual machine on the box, so I can set up other VMs on the same box. Today,...
  • Download: Server Core Potential Security Benefit

    With Windows Server 2008, the Microsoft Windows Server team introduced a new installation option – Server Core. Server Core is a “minimal install” option of Windows Server that excludes much of the GUI and many applications – such as Internet Explorer and Windows Media Player – that would be present in a default installation. In this very short report (download the full report), I perform a brief analysis of how much smaller the software footprint is for Windows Server 2008 Server Core and examine...
  • Visit the New SDL (Security Development Lifecycle) Web Site

    I wanted to mention to folks that a new Security Development Lifecycle (SDL) web site went up earlier this month on microsoft.com. Amazingly, you can navigate to it via http://www.microsoft.com/sdl, instead of some long name you'd never remember. Of course, once you navigate to that URL, you get redirected to a long URL that you'll never remember that is on the MSDN subsite, which is encouraging when you think about it. I have it on reasonably good authority (aka the site owner), that there are...
  • TechEd Session SEC250 - Windows Server Security Advances - 4:30PM Today, Room N320A

    For those of you that are at TechEd today, I want to invite you around to my session on Security Advances in Windows Server 2008 today in room N320A. I'll be covering this general outline: SDL work on Windows Server 2008; Architectural security enhancements; Security features and capabilities; Looking at the security track record for the first 90 days. Without a doubt, Windows Server 2008 is my favorite product that we've released over the past few years in general, but also specifically in terms of...