Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

October, 2013

  • Microsoft hosts cybersecurity and privacy professionals for discussion about the Cybersecurity Framework

    Last week, Microsoft’s Innovation & Policy Center in Washington, D.C. convened a distinguished group of cybersecurity and privacy professionals from across industry sectors for a panel discussion about the forthcoming Cybersecurity Framework, expected from the National Institute of Standards and Technology (NIST) in February 2014, and its implications for critical infrastructure organizations. 

    I was pleased to participate as a panelist alongside:

    • Mark Clancy, CISO of the Depository Trust and Clearing Corporation
    • Trevor Hughes, President and CEO of the International Association of Privacy Professionals
    • Mike Kuberski, Chief Information Security Officer of Pepco Holdings
    • Larry Trittschuh, Executive Director for Threat Management, General Electric
    • Fred Cate, Indiana University Maurer School of Law, who served as moderator

    Read more

  • Microsoft Security Intelligence Report Volume 15 Now Available!

    This morning, at the RSA Europe conference, Mike Reavey, General Manager for Trustworthy Computing delivered a keynote in which he announced the release of the Microsoft Security Intelligence Report volume 15 (SIRv15).  The Microsoft Security Intelligence Report is the most comprehensive cybersecurity threat intelligence report in the industry that analyzes and provides in-depth perspectives on exploits, vulnerabilities, and malware for more than 100 countries/regions worldwide.  It is designed to provide prescriptive guidance which can help our customers manage risk and protect their assets.

    In addition to many other key learnings, the report examines the security risks of running unsupported software and looks at the implications of using Windows XP once support, including security updates, ends on April 8, 2014.  I encourage you to check out my post titled ““New Cybersecurity Report Details Risk of Running Unsupported Software” on the Microsoft on the Issues blog which discusses the data on this topic in greater detail for more information.  To download the new Security Intelligence Report, please visit

  • Advancing the Discussion on Cybersecurity Norms

    Posted by Matt Thomlinson, general manager, Trustworthy Computing

    Last week I participated in the Seoul Conference on Cyberspace 2013, where I spoke on a panel on capacity building, and also participated in the ICT4Peace Foundation’s special session at the conference.

    During the capacity-building panel, I discussed how over the next six years, another two billion users will come online, basically doubling the Internet population.  The majority of these users will be from emerging economies, who will still be bringing large portions of their populations online.   But with the ability to realize the social and economic benefits of cyberspace also come a new challenge - cybersecurity is necessary to sustain confidence and growth. Read more

  • The Threat Landscape in Canada

    Last week I had the opportunity to speak at the Security Education Conference Toronto 2013 (SECTor). I love Canada; Toronto is an amazing city, and the conference was excellent.

    During my session at the conference I discussed the threat landscape in Canada, based on data from various volumes of the Microsoft Security Intelligence Reports. Canada’s malware infection rate (CCM) has been consistently lower than the worldwide average for several years as seen in Figure 1. Canada’s malware infection rate increased (almost doubled) in the first quarter of 2013 (1Q13). Despite this increase, the malware infection rate in the United States was almost double Canada’s in the same time period – as it saw a similar increase. The infection rates in the United Kingdom and France were lower than Canada’s in the first half of 2013, which isn’t unusual. Read more.

  • Strengthening Cybersecurity Through National Strategies: Foundations for Security, Growth, and Innovation

    Information and Communications Technology (ICT) offers great benefits for states and their citizens alike—increased efficiency and transparency in government, improvements in civil society, and it has become a major driver of economic growth. Yet along with these benefits have come new threats, including cybercrime such as identity theft and fraud, politically motivated attackers who threaten critical infrastructure, and sophisticated economic and military espionage. A series of recent cyberattacks have disrupted the critical operations of major energy and financial companies. These developments, and others, have made cybersecurity a top priority for governments around the world, Read more