Back in April I published a post about the end of support for Windows XP called The Countdown Begins: Support for Windows XP Ends on April 8, 2014. Since then, many of the customers I have talked to have moved, or are in the process of moving, their organizations from Windows XP to modern operating systems like Windows 7 or Windows 8.
There is a sense of urgency because after April 8, Windows XP Service Pack 3 (SP3) customers will no longer receive new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates. This means that any new vulnerabilities discovered in Windows XP after its “end of life” will not be addressed by new security updates from Microsoft. Still, I have talked to some customers who, for one reason or another, will not have completely migrated from Windows XP before April 8. I have even talked to some customers who say they won’t migrate from Windows XP until the hardware it’s running on fails.
What is the risk of continuing to run Windows XP after its end of support date? One risk is that attackers will have the advantage over defenders who choose to run Windows XP because attackers will likely have more information about vulnerabilities in Windows XP than defenders. Let me explain why this will be the case. Read more.
Microsoft is looking for great student research on the future of cybersecurity policy. If you have conducted or plan to conduct such research, read on for information on how you can win a $5,000 cash prize for your research in our Cybersecurity 2020 essay contest.
As we near the end of 2013, it’s a perfect time to reflect on recent security events, the state of the industry and provide a glimpse into the future on how we anticipate the threat landscape to evolve in 2014. Read more
In my travels abroad over the years, I have had the great opportunity to meet with many enterprise customers to discuss the evolving threat landscape. In addition to helping inform customers, these meetings have provided me with an opportunity to learn more about how customers are managing risk within their environments. Many of these customers are interested in learning about the top threats found in enterprise environments. Visibility into what threats are most common in enterprise environments helps organizations assess their current security posture and better prioritize their security investments. Given the high level of interest in this information, I thought it would be helpful to take a close look at the top 10 threats facing enterprise customers based on new intelligence from the latest Microsoft Security Intelligence Report (SIRv15).
The latest report found that in the enterprise environment, on average about 11% of systems worldwide encountered malware between the third quarter of 2012 (3Q12) and the second quarter of 2013 (2Q13). The “encounter rate” is defined as the percentage of computers running Microsoft real-time security software that report detecting malware, typically resulting in a blocked installation of malware. This is different from the number of systems that actually get infected with malware, a measure called computers cleaned per mille (CCM). Read more
We have included data on drive-by download attacks in numerous past volumes of the Microsoft Security Intelligence Report. But in the latest volume of the report, volume 15, we published some new data that we haven’t included in the report before: the relative prevalence of drive-by download sites hosted on different web server platforms.
Drive-by download attacks continue to be many attackers’ favorite type of attack. This is something I have written about several times in the past. Read more
This article in our series focused on Microsoft’s free security tools is on a tool called Windows Defender Offline. Windows Defender Offline is a standalone software application that is designed to help detect malicious and other potentially unwanted software, including rootkits that try to install themselves on a PC. Once on a PC, this software might run immediately, or it might run at unexpected times. Windows Defender Offline works by scanning an operating system to check the authenticity of any communication the operating system has with the Internet. If there is an application deemed unsafe, it will alert the user and block the contents of the application until the user either accepts or denies the risk.
A few months ago we launched the Microsoft Security Intelligence Report (SIR) application that was designed to provide customers with an enhanced way to access the vast amount of threat intelligence contained in the SIR. The SIR app makes it easy to find, copy and share data from the Microsoft Security Intelligence Report. The SIR app runs on Windows 7 and Windows 8 based systems. Read more
Many of the IT professionals who contact our customer service and support group have common questions related to security incidents and are seeking guidance on how to mitigate threats from determined adversaries. Given the level of interest in this information and the common scenarios that exist among different organizations, we are publishing a multi-part series that will detail common security incidents organizations face and provide recommended mitigations based on guidance from our Security Support team.
It is important to note that each phase has one or more technical and, more importantly, administrative controls that could have been used to block or slow down the attack. These mitigations are listed after each phase. Each mitigation addresses specific behaviors and attack vectors that have been seen previously in multiple security incidents. Read more.
The popularity of Cloud services has increased immensely over the past few years. Transparency into how these services are architected and managed has played a big role in this growth story. Many of the CISOs I talk to about leveraging Cloud services want insight into the types of threats that Cloud services face, in order to feel comfortable with hosting their organization’s data and applications in the Cloud. In the latest volume of the Microsoft Security Intelligence Report, volume 15, we include details on a couple of threats that Cloud service providers and their customers should be aware of. But for organizations that have been running their own data centers and web properties, these threats will be familiar and come as no surprise; attacks on the global Domain Name System (DNS) infrastructure and Distributed Denial of Service (DDoS) attacks are something that proprietors of Internet-connected IT infrastructures and Cloud services, big and small, need to be aware of and plan for in order to manage the risk of interruption to their operations. These attacks have the potential to interrupt Internet services such as websites, portals, and Cloud services, and to infect Internet connected devices with malware. Read more
Posted by: Kevin Sullivan, Principal Security Strategist, Trustworthy Computing
This morning we released a new special edition of the Microsoft Security Intelligence Report entitled The Cybersecurity Risk Paradox: Impact of Social, Economic, and Technological Factors on Rates of Malware. Last year, we released a special edition of the Microsoft Security Intelligence Report titled Linking Cybersecurity Outcomes and Policies, which described specific ways that social and economic factors affect cybersecurity development worldwide. Today we are releasing a follow-up study that builds on the learnings of that earlier study. In this article, I want to share a bit of background on this study. Read more