Modern browsers are closing the door on Java exploits, but some threats remain

Was 2015 the year the industry finally eradicated Java exploitation? Well, not quite, but the good news is we’re getting there. It should be no surprise that encounters with Java exploits continued to decrease significantly in the second half of 2015 — All of the most commonly encountered exploits target vulnerabilities that were addressed with security updates years ago. While Java was once the vehicle of choice for attackers, modern … Read more »

Hacks for sale: Exploit kits provide easy avenue for unskilled attackers

One of the most common cyber-attack vehicles we’ve seen over the years involves so-called “exploit kits.” These are collections of exploits bundled together and sold as commercial software or as a service. A typical kit includes a collection of web pages with exploits for several vulnerabilities in popular web browsers, browser add-ons, or other types of software. When an attacker installs the kit on a web server, visitors to the … Read more »

Keep Microsoft software up to date — and everything else too

Many of the CIOs and CISOs that I talk to, have, over time, developed mature vulnerability assessment methodologies and security updating processes. But frequently, I find that the focus of these processes is squarely on keeping Microsoft operating systems and browsers up to date. Of course vulnerabilities in popular operating systems or browsers have the potential to affect a broad audience. Another reason for this focus is that Microsoft has … Read more »

As strong as your weakest link: A look at application vulnerability

When it comes to patching and updating software vulnerabilities, operating systems and web browsers seem to get all the love. But in reality, vulnerabilities in those two types of software usually account for a minority of the publicly disclosed vulnerabilities published in the National Vulnerability Database (NVD), the U.S. government’s repository of standards-based vulnerability management data. Where are the rest of the vulnerabilities? The majority are in applications (i.e. software … Read more »

Top security trends in IoT

The continuous connection of smart devices across networks, commonly called the Internet of Things (IoT) is driving a transformation in how enterprises all over the world manage network infrastructure and digital identities. With such rapid change comes new cybersecurity challenges. Many organizations are hesitant to tap into the power of the IoT due to the complexities and risk associated with managing such a diverse – and sometimes unclear – environment. … Read more »

Rise in severe vulnerabilities highlights importance of software updates

In the context of computer security, vulnerabilities are weaknesses in software that could allow an attacker to compromise the integrity, availability, or confidentiality of either the software itself or the system it’s running on. Some of the worst vulnerabilities allow attackers to exploit the compromised system by causing it to run malicious code without the user’s knowledge. The effects of this can range from the annoying (experiencing unwanted pop-up ads) … Read more »

Introducing the Microsoft Secure blog

For the past ten years on this blog we have shared Microsoft’s point of view on security, privacy, reliability, and trust. It has become the place to go for in-depth articles on Microsoft products and services, as well as tips and recommendations for improving security in your organization. Last November, Microsoft CEO Satya Nadella outlined our new approach to cybersecurity — one that leverages Microsoft’s unique perspective on threat intelligence, … Read more »

FedRAMP High: Trust is cloud security validated

The latest Government Office of Accountability report dealing with the security of high impact information technology (IT) systems continues to point out opportunities for improvement in cybersecurity across the US Federal Government. While improvements have been made, the persistence of the challenge is disquieting.  Particularly troubling is that many of the concerns result from long-standing and well known inefficiencies in the government’s current IT environment, such as low asset utilization, … Read more »

Connecting the dots to get ahead of your next security challenge

It is turbulent times we live in. The same technology that provides unprecedented global connections and productivity also provides hackers unprecedented surface area to commit headline-earning crimes. That’s why Microsoft is investing over $1 billion annually in security capabilities and connecting dots across the critical endpoints of today’s cloud and mobile world to help you keep up with security challenges. Join Ann Johnson and myself as we talk about the … Read more »

Microsoft’s unique perspective on cybersecurity

Being one of the more established companies in IT has its advantages. At Microsoft, we’ve seen IT management and the datacenter morph and change over time. Our technology has powered and protected some of the biggest and most complex systems in the world. And we’ve learned a thing or two from all this experience. We’re bringing our experiences together into a set of insights and ecosystem of partnerships to make … Read more »