Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

Browse by Tags

  • Blog Post: Trustworthy Computing : Learning About Threats Over 10 Years–Part 5

    This post continue my analysis of industry vulnerability disclosures started in part 4 last week and is part of an ongoing series of posts based upon Tim Rains and my recent special edition Microsoft Security Intelligence Report (SIR) called “ The evolution of malware and the threat landscape – a ten...
  • Blog Post: 2008 Pwn2Own Winner says Safari is an Easy Target

    Apple Inc.'s Safari is the juiciest target in the upcoming PWN2OWN hacking contest, last year's winner predicted today. "It's an easy target," said Charlie Miller, the vulnerability researcher who last year walked off with a $10,000 cash prize for breaking into an Apple laptop just a few minutes...
  • Blog Post: Mac OS X Security - Reality Check #2

    First, let me express a caveat. I don't really care for "hack the box" contests. If a machine doesn't get hacked, it does not mean it isn't breakable. If it does get hacked, it just shows us what we already know - any machine can be broken under the right circumstances. So, don't read too much into the...
  • Blog Post: Q1 2008 - Client OS Vulnerability Scorecard

    This paper is a compilation of vulnerability data for client operating systems for the first 3 month, January through March, of 2008. Vulnerabilities and fixes for the following products are discussed: Microsoft Windows Vista Microsoft Windows XP SP2 Red Hat Enterprise Linux Desktop (v. 5 client) Red...
  • Blog Post: Computerworld: Apple delivers record monster security update

    (Computerworld) Apple [yesterday] patched 92 vulnerabilities, a third of them critical, in a record update to its Leopard and Snow Leopard operating systems. Security Update 2010-002 plugged 92 holes in the client and server editions of Mac OS X 10.5 and Mac OS X 10.6, breaking a record that has stood...
  • Blog Post: Download: H1 2008 Desktop OS Vendor Report - Vulnerabilities and Days-of-Risk

    This report looks at all of the vulnerabilities fixed by Apple, Microsoft, Red Hat and Ubuntu during the first half of 2008. At the vendor level, the report examines all vulnerabilities as well as Days of Risk (DoR) associated with those vulnerabilities. The report further drills down to examine just...