• Pre-warning: Windows Server 2003 SP1 Out of Support in April

    During Conficker we realized that a lot of customers are on unsupported OSs. I would like to draw your attention to a few things:

    • There is a webpage called Microsoft Support Lifecycle where you find all the information on the lifecycle of our products. Let me just quote two things:
      • Through the policy, Microsoft will offer a minimum of 10 years of support (5 years Mainstream Support and 5 years Extended Support) at the supported service pack level for Business and Developer products.
      • When a new service pack is released, Microsoft will provide either 12 or 24 months of support for the previous service pack (Remark: It is 24 months for Windows)
    • You can subscribe to a quarterly newsletter regarding this issue: Subscribe to Microsoft Support Lifecycle Quarterly Update Newsletter
    • There is a site where you can search for products, including the products that leave Extended Support, e.g. in the next 6 months: http://support.microsoft.com/lifecycle/search/
    • There is one page dedicated to Service Packs: http://support.microsoft.com/gp/lifesupsps
      • If you look at that, you will see that Windows Server 2003 Service Pack 1 will be retired on 14 April 2009. This means that this is the last time you will get Security Updates for SP1! If you have not done so already, please start rolling out SP2 immediately.

    Hope this helps

    Roger

  • Two new Security Advisories

    I just want to make sure you have seen them:

    • There were some reports in the last day or two about targeted attacks on Excel. We are aware of these reports and are looking into this. In order to give you our assessment of the situation, we published Microsoft Security Advisory (968272).
      • From what we know so far, an attacker who could exploit this vulnerability could get the privileges of the logged-on user. So, if you are not Admin, this would lower the risk.
      • This attack goes after the binary version of Excel files. So, if you are saving the file with the Office 2007 format (.xlsx) the attack does not work.
      • You should definitely look into the workarounds mentioned in the Advisory.
    • The second advisory is about an update for Windows AutoRun (Microsoft Security Advisory (967940))

    Roger

  • Security Compliance Management Toolkit

    A few days ago, we released the Security Compliance Management Toolkit. I think that this toolkit might definitely help you to secure your environment and monitor it against a security baseline.

    Security Compliance Management Toolkit Series

    Roger

  • Gazelle – the secure Web browser of the future?

    This is an interesting paper from Microsoft Research. Now, before you read it: This is research and by no means a commitment to develop it for IE 9.

    The Multi-Principal OS Construction of the Gazelle Web Browser

    Roger

  • The Impact of the Security Development Lifecycle

    Jeff Jones just started a blog series to show the impact of our Security Development Lifecycle on the updates to be deployed. It is a pretty interesting read:

    Here is the February version: Feb09 Security Bulletin SDL Benefit Summary

    Roger