10 Years of Trustworthy Computing at Microsoft
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along two lines: Oh, you are joining a desktop company? ...
10 Reasons to migrate off Windows XP
I would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized that the Year-2000-Problem was handled very well by the industry. How you used technology, how you used the Internet, the ...
Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and Security
A long title but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001 among other standards. Office 365 is the first and only major ...
Cybersecurity–More than a good headline
A lot of governments all across the globe are working on starting, restarting or pushing their Cybersecurity initiative. What often concerns me is, that the last real headline has more impact on the strategy and the themes to be addressed than a structure or a plan or a strategy.
This made us thinking about what is needed to run a successful Cybersecurity Agenda within a country? What themes ought to be ...
Update on the Internet Explorer Vulnerability By Roger Halbheer, on January 18th, 2010 There was and still is a lot of noise regarding the Internet Explorer vulnerability reported in Microsoft Security Advisory 979352 – including the normal discussion about which browser is most secure. A discussion I do not want to get into here but I think it is necessary to lay out the facts instead of all the rumors out there. George Stathakopoulos, General Manager in Trustworthy Computing and overall responsible for our response processes, published a blog tonight: Further Insight into Security Advisory 979352 and the Threat Landscape which is definitely worth reading for all of you.
I think the most important statements in there are:
The attacks that we have seen to date, including public proof-of-concept exploit code, are only effective against Internet Explorer 6. Based on a rigorous analysis of multiple sources, we are not aware of any successful attacks against IE7 and IE8 at this time.
So, if it really happens that you still run Internet Explorer 6, get off of it – as soon as possible. This basically has nothing to do with the vulnerability in discussion. This is a general security-related activity.
and finally:
Customers who are using Windows XP SP2 should be sure to upgrade to both IE8 and enable Data Execution Protection (DEP), or upgrade to Windows XP SP3 which enables DEP by default, as soon as possible.
Roger
Related posts:
- Security Advisory on the recent Internet Explorer Vulnerability
- Internet Explorer Security Update Ready
- Join the Windows 7 and Internet Explorer 8 Security Baselines Beta
- Download Internet Explorer 8 and help hungry people
- Vulnerability in Internet Explorer Could Allow Remote Code Execution
Leave a Reply
|
|
|
