A pretty cool quote from John Pescatore, Gartner on third-party patches: My neighbor is a smart guy, and he designs medical machinery. However, I'm pretty sure I won't be using his homegrown remedy for bird flu. I'm also really sure I don't want my...

Mike Nash just published information about the ActiveX fix on the MSRC blog. The most important part is: New machines that ship with Windows will include the ActiveX change. For our April IE cumulative security update, we will include the IE...

There are at least two third party patches for the IE vulnerability out there. Please be aware of two things: They do not fix the actual vulnerability The application of a third-party-patch is not supported At the end it is part of your risk...

Several times already we (Microsoft) infomred about a change we will ahve to make in the way we handle ActiveX. On February, 28 we published a Security Advisory to pre-warn about this change: http://www.microsoft.com/technet/security/advisory/912945.mspx...

This February I had to opportunity to meet our internal IT Threat Modelling team together with a customer and I was really impressed how our internal IT is doing threat modelling of applications they are buying and using in our network. Now, they released...