10 Years of Trustworthy Computing at Microsoft
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along two lines: Oh, you are joining a desktop company? ...
10 Reasons to migrate off Windows XP
I would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized that the Year-2000-Problem was handled very well by the industry. How you used technology, how you used the Internet, the ...
Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and Security
A long title but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001 among other standards. Office 365 is the first and only major ...
Cybersecurity–More than a good headline
A lot of governments all across the globe are working on starting, restarting or pushing their Cybersecurity initiative. What often concerns me is, that the last real headline has more impact on the strategy and the themes to be addressed than a structure or a plan or a strategy.
This made us thinking about what is needed to run a successful Cybersecurity Agenda within a country? What themes ought to be ...
A few comments to yesterday's Out of Band By Roger Halbheer, on July 29th, 2009 It is pretty typical – these things often happen, when I have a really bad Internet connection  . However, I am back home and the connection is kind of better now…
I guess you have seen and heard about the two out of band updates we shipped yesterday. They are kind of special and I would like to make sure you are doing everything necessary to protect you and your customers. Therefore – even before you read the bulletins – read the Advisory which goes with the updates from yesterday called Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution. Once you understand the problem space, get familiar with the two bulletins:
Now, the real problem is with the applications and controls developed by you. If you are a developer, make definitely sure, you read the corresponding article on MSDN: Active Template Library Security Update for Developers. In there you have a very good flowchart helping you to understand whether your component might be vulnerable.
Last but definitely not least, ICASI was collaborating with Verizon Business to provide a free of charge scanning service to help you figuring out, whether your component is vulnerable. you find the information here:
- The ICASI Alert
- The Verizon Business Scanner
I hope this helps
Roger
Related posts:
- Out of Band Security Update to be Released
- MS08-067 Out of Band Released
- IMPORTANT: IE Vulnerability: Out of Band Release Scheduled for Tomorrow
- Security – One of The Key Reasons to Migrate to Windows Vista (part 1)
- MS09-017: An out-of-the-ordinary PowerPoint security update
Leave a Reply
|
|
|
