Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

Browse by Tags

  • Blog Post: March 2007 - Vuln Scorecard

    I just posted my March 2007 - Operating System Vulnerability Scorecard over on CSOOnline, which includes charts comparing the vulnerabilities in Windows, Red Hat Linux, Ubuntu, Novell, Sun, and Mac OS X, broken down by server and workstation. Here is the workstation chart: I plan to update this...
  • Blog Post: Fallout in Linux Land

    Yesterday, Eric S. Raymond (ESR) publicly dumped Red Hat Fedora and made the switch to Ubuntu: Eric S. Raymond Gives Up on Fedora , burning bridges left and right behind him. In Eric's words: Over the last five years, I've watched Red Hat/Fedora throw away what was at one time a near-unassailable...
  • Blog Post: Windows vs Linux - Workstation Comparison - Q3 2006

    NOTE: I am not asserting that my vulnerability analysis demonstrates that Windows is more secure. Rather, I frequently hear and read Linux advocates making unsupported assertions to the opposite that Linux is inherently more secure than Windows. The "unsupported" part of that bothers me, so I check for...
  • Blog Post: Ubuntu 6.06 LTS (Dapper Drake) - 90 Day Security Vulnerability Scorecard

    Based upon Debian, Ubuntu has cool release names like "Warty Warthog", "Hoary Hedgehog", "Breezy Badger" and "Dapper Drake" and is certainly the current fair haired Linux. Warty Warhog, aka Ubuntu 4.10, was the first release in October 2004. Dapper Drake, released on June 1 of this year added Ubuntu...
  • Blog Post: January 2007 - Vuln Scorecard

    I just posted my January 2007 - Operating System Vulnerability Scorecard over on CSOOnline, which includes charts comparing the vulnerabilities in Windows, Red Hat Linux, Ubuntu, Sun, and Mac OS X, broken down by server and workstation. I do include the first 2 months of Windows Vista as well, which...
  • Blog Post: Q1 2008 - Client OS Vulnerability Scorecard

    This paper is a compilation of vulnerability data for client operating systems for the first 3 month, January through March, of 2008. Vulnerabilities and fixes for the following products are discussed: Microsoft Windows Vista Microsoft Windows XP SP2 Red Hat Enterprise Linux Desktop (v. 5 client) Red...
  • Blog Post: December 2006 Catch-up

    Well, between the Holidays and 2 weeks of being sick, I didn't stay very current during December. So, to get back on track, I thought I'd create this summary, backdate it to December 31 (today is January 2nd, 2007), just so I can share my comments on some of the interesting security happenings during...
  • Blog Post: Ubuntu CVE Tracker

    Today I was looking at some of the various vendor security and advisory sites and I noticed at the top of the Ubuntu site:  For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker . I had not seen the Ubuntu CVE Tracker before, so I checked out, very interested because...
  • Blog Post: February 2007 - Vuln Scorecard

    I just posted my February 2007 - Operating System Vulnerability Scorecard over on CSOOnline, which includes charts comparing the vulnerabilities in Windows, Red Hat Linux, Ubuntu, Novell, Sun, and Mac OS X, broken down by server and workstation. I do include the first 3 months of Windows Vista as...
  • Blog Post: Windows Vista - 6-Month Vulnerability Study

    I was nudged by some colleagues this week, telling me that some folks may only be reading my technet blog, but that I hadn't been doing a great job of cross-posting some things. Six months is a much more interesting time frame than the previous Windows Vista - 90 Day Vulnerability Report , and gives...
  • Blog Post: July 2007 - Operating System Vulnerability Scorecard

    Summer and work travel have really had an impact and I've missed a couple of months of scorecards, so last weekend, I decided to dig in and catch up to July. I hit a few road bumps: Sun changed their Security Alerts web site, making it a bit more challenging. I gave up for now, but will try to add them...
  • Blog Post: Windows vs Linux - Workstation - Q3 2006 addendum (High+Remote)

    This post is dedicated to n00dles , for daring to ask for even more detail ;-) and should be considered as an addendum to Windows vs Linux - Workstation Comparison - Q3 2006 . Same caveats apply: NOTE: I am not asserting that my vulnerability analysis demonstrates that Windows is more secure...
  • Blog Post: Download: H1 2008 Desktop OS Vendor Report - Vulnerabilities and Days-of-Risk

    This report looks at all of the vulnerabilities fixed by Apple, Microsoft, Red Hat and Ubuntu during the first half of 2008. At the vendor level, the report examines all vulnerabilities as well as Days of Risk (DoR) associated with those vulnerabilities. The report further drills down to examine just...