Consumerization of IT–How to address this
Bring Your Own Device or Consumerization of IT are fairly hot themes in a lot of customer organizations. When I talk to customers, there are typically different reactions, once we bring this up. Some tell us, that it is not part of their strategy; some tell us that they plan to do it but that they have a hard time figuring out, how to secure such an environment; very, very ...
10 Years of Trustworthy Computing at Microsoft
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along two lines: Oh, you are joining a desktop company? ...
10 Reasons to migrate off Windows XP
I would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized that the Year-2000-Problem was handled very well by the industry. How you used technology, how you used the Internet, the ...
Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and Security
A long title but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001 among other standards. Office 365 is the first and only major ...
Two new Security Advisories By Roger Halbheer, on February 24th, 2009 I just want to make sure you have seen it:
- There were some reports in the last day or two about targeted attacks on Excel. We are aware of these reports and are looking into this. In order to give you our assessment of the situation, we published Microsoft Security Advisory (968272)
- From what we know so far, an attacker who could exploit this vulnerability could get the privileges of the logged on user. So, if you are not Admin, this would lower the risk.
- This attack goes after the binary version of Excel files. So, if you are saving the file with the Office 2007 format (.xlsx) the attack does not work.
- You should definitely look into the workarounds mentioned in the Advisory.
- The second advisory is about an update for Windows AutoRun (Microsoft Security Advisory (967940))
Roger
Related posts:
- Two Important Changes Today to Our Bulletin Process
- New Information on SQL Injection Attacks
- Microsoft Advisory for Safari Flaw
- Two Important Whitepaper on Windows Server 2008
- 0-Day-Patch – An new Metric for Security?
Leave a Reply
|
|
|
