Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

February, 2014

  • Now Available: EMET 5.0 Technical Preview

    Today at RSA Conference 2014, Microsoft released a new version of its Enhanced Mitigation Experience Toolkit (EMET), “EMET 5.0 Technical Preview.” EMET is one of our most popular free security tools that helps IT Professionals and Developers manage risk for their organizations.  Typically it is used by IT Professionals and Developers to help protect systems from exploitation via software vulnerabilities.   Read more

  • And the Gold Medal Goes to … Finland!

    The closing ceremonies are quickly approaching in Sochi, Russia, with ice skaters, skiers, curlers and other world-renowned athletes racing to stand atop the podium. But one nation is already seeing gold: Finland has once again prevailed as the country with the lowest malware infection rates.

    We’re thrilled to honor Finland’s computer security efforts with the gold medal in the closing ceremonies of our blog series. Microsoft measures quarterly malware infection rates in 106 countries/regions worldwide in its Security Intelligence Report (SIR). The latest report indicates that Finland has demonstrated its prowess with the least amount of malware infections in the second quarter of 2013. Read more

  • Japan Skates into Second Place

    Skaters are speeding around Sochi ice rinks this week at the 2014 Winter Games, capturing the world’s attention with their grace and athletic prowess. Our blog series also skates along to another medal round, as we honor Japan with our second-place silver medal for its exemplary approach to managing malware threats. Read more

  • The NIST Cybersecurity Framework: A Significant Milestone towards Critical Infrastructure Resiliency

    Posted by Matt Thomlinson, Vice President, Microsoft Security

    Yesterday, the Administration released the much anticipated Cybersecurity Framework.  What does the Framework mean for the critical infrastructures, both in the United States and beyond?  The Framework, developed over the past year by the National Institute of Standards and Technology (NIST), is a significant milestone in an ongoing and successful collaboration among a broad range of industry and government organizations concerned with improving the cybersecurity of critical infrastructure.  Microsoft appreciates the opportunity to contribute to the development of the Cybersecurity Framework, and we were honored to participate in Wednesday’s launch event.  Read more

  • RSA Conference 2014: Internet Growth Brings New Opportunities and New Challenges

    It’s hard to believe RSA Conference USA 2014 is just a few weeks away.  Microsoft has been an active participant at RSA Conference for over a decade now and it’s great to see how far the awareness and importance of IT security has come. Over the past decade, attendance has grown dramatically, and this year’s conference is expected to be attended by more than 24,000 people. Read more

  • Ask Your Employees to "Do 1 Thing" Today

    One of the most important things an IT Professional can do in any organization is help protect its employees from cybercriminal activity by raising the level of education and awareness for IT Security.  Doing so helps to reduce risks to both employees and the company.  While ongoing education is important, it can sometimes be challenging to get the attention of employees.  Many of the IT Professionals that I talk with are interested in finding new ways to stimulate these conversations within their organization.  One great way to do so is on Safer Internet Day (SID). Read more

  • Norway Sweeps In With Bronze Medal

    Norway could dominate cross-country skiing events this week, thanks to several renowned athletes already making headlines. Whether its skiers racing past their competition or not, Norway’s cross-country efforts in computer security are already victorious, scooping up Microsoft’s bronze medal as one of the world’s best at keeping their environment free of malware. Read more

  • Cleanest Countries/Regions Jump to the Top of Our Podium

    As world-class winter athletes compete on the slopes of Russia today, we decided to celebrate our own global medalists — the countries/regions which had the least amount of malware infections in the first half of 2013. Read more

  • Threats in the Cloud – Part 2: Distributed Denial of Service Attacks

    Organizations that operate or use Internet connected services such as websites, portals and Cloud services need to be aware of threats that can disrupt service. In the first part of this series I discussed Domain Name System (DNS) attacks and their potential to disrupt services and infect large volumes of users with malware.  This article discusses Distributed Denial of Service (DDoS) attacks using insights from the latest volume of the Microsoft Security Intelligence Report, volume 15.  Read more

  • Threats in the Cloud – Part 1: DNS Attacks

    The popularity of Cloud services has increased immensely over the past few years. Transparency into how these services are architected and managed has played a big role in this growth story. Many of the CISOs I talk to about leveraging Cloud services want insight into the types of threats that Cloud services face, in order to feel comfortable with hosting their organization’s data and applications in the Cloud. In the latest volume of the Microsoft Security Intelligence Report, volume 15, we include details on a couple of threats that Cloud service providers and their customers should be aware of. But for organizations that have been running their own data centers and web properties, these threats will be familiar and come as no surprise; attacks on the global Domain Name System (DNS) infrastructure and Distributed Denial of Service (DDoS) attacks are something that proprietors of Internet-connected IT infrastructures and Cloud services, big and small, need to be aware of and plan for in order to manage the risk of interruption to their operations. These attacks have the potential to interrupt Internet services such as websites, portals, and Cloud services, and to infect Internet connected devices with malware. Read more