Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

  • The Risk of Running Windows XP After Support Ends April 2014

    Back in April I published a post about the end of support for Windows XP called The Countdown Begins: Support for Windows XP Ends on April 8, 2014. Since then, many of the customers I have talked to have moved, or are in the process of moving, their organizations from Windows XP to modern operating systems like Windows 7 or Windows 8.

    There is a sense of urgency because after April 8, Windows XP Service Pack 3 (SP3) customers will no longer receive new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates. This means that any new vulnerabilities discovered in Windows XP after its “end of life” will not be addressed by new security updates from Microsoft. Still, I have talked to some customers who, for one reason or another, will not have completely migrated from Windows XP before April 8. I have even talked to some customers that say they won’t migrate from Windows XP until the hardware it’s running on fails.

    What is the risk of continuing to run Windows XP after its end of support date? One risk is that attackers will have the advantage over defenders who choose to run Windows XP because attackers will likely have more information about vulnerabilities in Windows XP than defenders. Let me explain why this will be the case.

  • New Data Sheds Light on Shifting Cybercriminal Tactics

    New data released today suggests that the security mitigations Microsoft has included in newer software have helped make malicious cyber acts more difficult for would-be attackers. Effective security mitigations raise the cost of doing business for cybercriminals. The data also indicates that cybercriminals are increasingly utilizing deceptive tactics in their attempts to compromise systems.

    This is a key finding of our latest cybersecurity report, which we publish twice a year to help our customers, partners, and the broader cybersecurity community understand the tools, tactics and threats posed by cybercriminals. This knowledge is essential for IT and security professionals trying to better protect themselves and their organizations from cyber-attacks.

    New research conducted by Trustworthy Computing’s Security Science team shows a 70 percent decline in the number of severe vulnerabilities (those that can enable remote code execution) that were exploited in Microsoft products between 2010 and 2013. This is a clear indication that newer products are providing better protection, even in cases where vulnerabilities exist. While this trend is promising, cybercriminals aren’t giving up. Our data shows that in the second half of 2013 there was a noticeable increase in cybercriminal activity where attackers used deceptive practices. The continued increase in deceptive tactics is striking; in the last quarter of 2013, the number of computers impacted as a result of deceptive tactics more than tripled. The security mitigations included in newer Microsoft products have raised the technical bar for would-be attackers, which may be one of the factors driving an increase in the use of deceptive tactics.

  • Cyber threats to Windows XP and guidance for Small Businesses and Individual Consumers

    It’s been well publicized that on April 8th, 2014 Microsoft discontinues product support for Windows XP. Windows XP was released in 2001, and the support policy for its lifecycle followed in October 2002. In September 2007, we announced that support for Windows XP would be extended an additional two years to April 8, 2014. We are very clear about the lifecycle of our products, deliberately communicating this information years in advance, because we know customers need time to plan for changes to their technology investments and manage upgrades to newer systems and services.

    We’ve also focused on communicating regularly, such as in an article posted in August of last year. That piece focused on the fact that supported versions get security updates that address any newly discovered vulnerabilities, which Windows XP won’t receive after April 8, 2014. This means that running Windows XP when the product is obsolete (after support ends) will increase the risk of technology being affected by cybercriminals attempting to do harm. This blog post continues on from that article, and also provides guidance to consider as people look ahead.

    Many of the enterprise customers I’ve talked to recently have finished, or are in the process of finishing, technology projects that move their desktop computing environments from Windows XP to Windows 7 or Windows 8. However, I’ve also talked to some small businesses and individuals that don’t plan to replace their Windows XP systems even after support for these systems ends in April. In light of this, I want to share some of the specific threats to Windows XP-based systems that attackers may attempt after support ends, so that these customers can understand the risks and hopefully decide to immediately upgrade to a more secure version of Windows, or accelerate existing plans to do so.

  • Microsoft Services unaffected by OpenSSL "Heartbleed" vulnerability

    Posted by: Tracey Pretorius, Director, Trustworthy Computing

    On April 8, 2014, security researchers announced a flaw in the OpenSSL encryption software library used by many websites to protect customers’ data. The vulnerability, known as “Heartbleed,” could potentially allow a cyberattacker to access a website’s customer data along with traffic encryption keys.

    After a thorough investigation, we determined that Microsoft Services are not impacted by the OpenSSL “Heartbleed” vulnerability. In addition, Windows’ implementation of SSL/TLS was not impacted.

    Microsoft always encourages customers to be vigilant with the security of their online accounts, to change their account passwords periodically and to use complex passwords. More information on how to create strong passwords is available here: Microsoft Security & Safety Center: Create strong passwords.

  • Cybersecurity 2020 Student Essay Contest

    Microsoft is looking for great student research on the future of cybersecurity policy. If you have conducted or plan to conduct such research, read on for information on how you can win a $5,000 cash prize for your research in our Cybersecurity 2020 essay contest.

  • New Microsoft Threat Modeling Tool 2014 Now Available

    Today we’re announcing the release of the Microsoft Threat Modeling Tool 2014. This is the latest version of the free Security Development Lifecycle Threat Modeling Tool that was previously released back in 2011.

    More and more of the customers I have been talking to have been leveraging threat modeling as a systematic way to find design-level security and privacy weaknesses in systems they are building and operating. Threat modeling is also used to help identify mitigations that can reduce the overall risk to a system and the data it processes. Once customers try threat modeling, they typically find it to be a useful addition to their approach to risk management.

    We have been threat modeling at Microsoft for more than 10 years. It is a key piece of the design phase of the Microsoft Security Development Lifecycle (SDL). In 2011 we released the SDL Threat Modeling Tool, free of charge, to make it easier for customers and partners to threat model as part of their software development processes. The tool has been very popular and we have received a lot of positive customer feedback in addition to suggestions for improvement.

  • Microsoft’s Free Security Tools – Windows Defender Offline

    This article in our series focused on Microsoft’s free security tools is on a tool called Windows Defender Offline. Windows Defender Offline is a standalone software application that is designed to help detect malicious and other potentially unwanted software, including rootkits that try to install themselves on a PC. Once on a PC, this software might run immediately, or it might run at unexpected times. Windows Defender Offline works by scanning an operating system to check the authenticity of any communication the operating system has with the Internet. If there is an application deemed unsafe, it will alert the user and block the contents of the application until the user either accepts or denies the risk.

  • Security Professionals: Top Cyber Threat Predictions for 2014

    As we near the end of 2013, it’s a perfect time to reflect on recent security events and the state of the industry, and to provide a glimpse into how we anticipate the threat landscape will evolve in 2014.

  • Threats in the Cloud – Part 1: DNS Attacks

    The popularity of Cloud services has increased immensely over the past few years. Transparency into how these services are architected and managed has played a big role in this growth story. Many of the CISOs I talk to about leveraging Cloud services want insight into the types of threats that Cloud services face, in order to feel comfortable with hosting their organization’s data and applications in the Cloud. In the latest volume of the Microsoft Security Intelligence Report, volume 15, we include details on a couple of threats that Cloud service providers and their customers should be aware of. For organizations that have been running their own data centers and web properties, these threats will be familiar and come as no surprise: attacks on the global Domain Name System (DNS) infrastructure and Distributed Denial of Service (DDoS) attacks are something that proprietors of Internet-connected IT infrastructures and Cloud services, big and small, need to be aware of and plan for in order to manage the risk of interruption to their operations. These attacks have the potential to interrupt Internet services such as websites, portals, and Cloud services, and to infect Internet-connected devices with malware.

  • Drive-by Download Attacks: Examining the Web Server Platforms Attackers Use Most Often

    We have included data on drive-by download attacks in numerous past volumes of the Microsoft Security Intelligence Report. But in the latest volume of the report, volume 15, we published some new data that we haven’t included in the report before: the relative prevalence of drive-by download sites hosted on different web server platforms.

    Drive-by download attacks continue to be many attackers’ favorite type of attack. This is something I have written about several times in the past.