Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

Browse by Tags

  • Blog Post: Mac OS X Security - Reality Check #1

    UPDATE: A colleague sent me a link to the source paper that the article discusses: http://www.techzoom.net/papers/blackhat_0day_patch_2008.pdf . As anyone who reads my blog knows, I like to shine a light on areas of common security misperceptions. I am even happier when others do it. I think Apple...
  • Blog Post: March 2007 - Vuln Scorecard

    I just posted my March 2007 - Operating System Vulnerability Scorecard over on CSOOnline, which includes charts comparing the vulnerabilities in Windows, Red Hat Linux, Ubuntu, Novell, Sun, and Mac OS X, broken down by server and workstation. Here is the workstation chart: I plan to update this...
  • Blog Post: 2008 Pwn2Own Winner says Safari is an Easy Target

    Apple Inc.'s Safari is the juiciest target in the upcoming PWN2OWN hacking contest, last year's winner predicted today. "It's an easy target," said Charlie Miller, the vulnerability researcher who last year walked off with a $10,000 cash prize for breaking into an Apple laptop just a few minutes...
  • Blog Post: CNET, Experts and Windows Vista Security

    UPDATE: Corrected my math problem, based upon astute reader feedback (he says sheepishly) Reading online news this morning, I came across the CNET headline: Experts: Don't buy Vista for the security . Wondering what the experts were saying, I clicked and read the article and once again I got a good...
  • Blog Post: Mac OS X Security - Reality Check #2

    First, let me express a caveat. I don't really care for "hack the box" contests. If a machine doesn't get hacked, it does not mean it isn't breakable. If it does get hacked, it just shows us what we already know - any machine can be broken under the right circumstances. So, don't read too much into the...
  • Blog Post: January 2007 - Vuln Scorecard

    I just posted my January 2007 - Operating System Vulnerability Scorecard over on CSOOnline, which includes charts comparing the vulnerabilities in Windows, Red Hat Linux, Ubuntu, Sun, and Mac OS X, broken down by server and workstation. I do include the first 2 months of Windows Vista as well, which...
  • Blog Post: Q1 2008 - Client OS Vulnerability Scorecard

    This paper is a compilation of vulnerability data for client operating systems for the first 3 month, January through March, of 2008. Vulnerabilities and fixes for the following products are discussed: Microsoft Windows Vista Microsoft Windows XP SP2 Red Hat Enterprise Linux Desktop (v. 5 client) Red...
  • Blog Post: Mac OS X Security Myth #2: Nobody Attacks Mac OS X

    Following up on Mac OS X Security Myth #1: Mac OS X Has Few Security Bugs , this post continues my look at "perception versus reality" for Mac OS X security. There aren't a lot of sources of validated compromises, but one of the few we can check is www.zone-h.com , which gathers and documents web...
  • Blog Post: Mac OS X Security Myth #3: Mac OS X Has More Security Designed In

    Following up on Mac OS X Security Myth#1 (fewer vulns) and Security Myth#2 (nobody attacks), this post continues my look at "perception versus reality" for Mac OS X security. There are a couple of different ways that I've heard this Myth expressed. The first can be seen as promulgated by Apple marketing...
  • Blog Post: 2006 Client OS Days of Risk

    As a follow-up to my previous Days-of-risk in 2006 : Linux, Mac OS X, Solaris and Windows , where I compare Microsoft, Red Hat, Novell SUSE, Apple Mac OS X and Sun Solaris, I've also completed a look at the latest client products that were available for the full year of 2006 (this means Novell NLD9 instead...
  • Blog Post: Black Hat : Got2 Luv the H8ers

    So, this afternoon, I'm in the Microsoft booth at Black Hat when this guy comes up (badge hidden of course) and starts talking to some of my colleagues. Right away, it was pretty obvious that he was antagonistic. I will refer to him as "h8er" from here on out. Though I am paraphrasing a bit, this is...
  • Blog Post: Windows Vista - 6-Month Vulnerability Study

    I was nudged by some colleagues this week, telling me that some folks may only be reading my technet blog, but that I hadn't been doing a great job of cross-posting some things. Six months is a much more interesting time frame than the previous Windows Vista - 90 Day Vulnerability Report , and gives...
  • Blog Post: July 2007 - Operating System Vulnerability Scorecard

    Summer and work travel have really had an impact and I've missed a couple of months of scorecards, so last weekend, I decided to dig in and catch up to July. I hit a few road bumps: Sun changed their Security Alerts web site, making it a bit more challenging. I gave up for now, but will try to add them...
  • Blog Post: Computerworld: Apple delivers record monster security update

    (Computerworld) Apple [yesterday] patched 92 vulnerabilities, a third of them critical, in a record update to its Leopard and Snow Leopard operating systems. Security Update 2010-002 plugged 92 holes in the client and server editions of Mac OS X 10.5 and Mac OS X 10.6, breaking a record that has stood...
  • Blog Post: Windows Vista 90 Day Vulnerability Analysis

    February 28 th marked 90 days that Windows Vista had been available to business customers. Has it been a good or a bad 90 days for security vulnerabilities? Dang, this is a sweet chart, but click here to read all the details and download the full report . Best regards ~ Jeff
  • Blog Post: Download: H1 2008 Desktop OS Vendor Report - Vulnerabilities and Days-of-Risk

    This report looks at all of the vulnerabilities fixed by Apple, Microsoft, Red Hat and Ubuntu during the first half of 2008. At the vendor level, the report examines all vulnerabilities as well as Days of Risk (DoR) associated with those vulnerabilities. The report further drills down to examine just...
  • Blog Post: Mac OS X Security Myth #1: Mac OS X Has Few Security Bugs

    Inspired by the MacWorld Expo and Apple's security marketing claims (not to mention that ad campaign from last year), I've decided to add Mac OS X to the list of products that I monitor for "perception versus reality." First, let's review what Apple has to say about their security : Freedom...