• Pescatore (Gartner) on 3rd Party Patch

    A pretty cool quote from John Pescatore, Gartner on third-party patches: My neighbor is a smart guy, and he designs medical machinery. However, I'm pretty sure I won't be using his homegrown remedy for bird flu. I'm also really sure I don't want my...
  • ActiveX Change can be disabled

    Mike Nash just published information about the ActiveX fix on the MSRC blog. The most important part is: New machines that ship with Windows will include the ActiveX change. For our April IE cumulative security update, we will include the IE...
  • IE Vulnerability Update

    There are at least two third party patches for the IE vulnerability out there. Please be aware of two things: They do not fix the actual vulnerability The application of a third-party-patch is not supported At the end it is part of your risk...
  • ActiveX Behavior Change

    Several times already we (Microsoft) infomred about a change we will ahve to make in the way we handle ActiveX. On February, 28 we published a Security Advisory to pre-warn about this change: http://www.microsoft.com/technet/security/advisory/912945.mspx...
  • Application Threat Modelling

    This February I had to opportunity to meet our internal IT Threat Modelling team together with a customer and I was really impressed how our internal IT is doing threat modelling of applications they are buying and using in our network. Now, they released...