CNet 3-part series on Securing Microsoft (complete list of articles)

Here are the URLs for the 3-part series on 'Securing Microsoft', which is a pretty good behind-the-scenes look at the organization I work in.

Day 1: http://www.news.com/At-software-giant%2C-pain-gives-rise-to-progress/2009-7349_3-6220566.html

Day 2: http://www.news.com/Inviting-the-hackers-inside/2009-7349_3-6221138.html

Day 3: http://www.news.com/The-next-generation-of-security-threats/2009-7349_3-6221150.html

Now to be fair - I don't think I said exactly this: "That's one thing I want you to take away from this," Hensing tells the Microsoft developers. "Applications are dangerous."

The point I was trying to drive home in my presentation is that all applications that parse complex file formats are potentially dangerous - even seemingly innocuous ones like PowerPoint. :)
I then drove the point home by showing the Microsoft developers how simply double-clicking a PPT file on an unpatched version of PowerPoint could get you own3d (using a PPT file that was used in an actual targeted attack this year), and then I talked about mitigation strategies like running as a non-admin user (Vista makes this really easy) and using MOICE to convert the old Office 2003 and lower files to the newer Office 2007 file formats before opening.

Published 07 December 07 10:19 by Robert_Hensing
