Microsoft Security

Tim Rains Posts

Tim Rains
Published
1 minute read

Microsoft Security Intelligence Report Volume 20 is now available 

The latest volume of the Microsoft Security Intelligence Report (SIR) is now available for free download at www.microsoft.com/sir. We’ve been publishing threat intelligence reports for our customers, partners and the industry for 10 years now. During that time, we’ve published over 12,500 pages of threat intelligence, 100+ blog posts, many videos, and delivered thousands of […]

Published
1 minute read

Latest data shows newer versions of Windows have lower malware infection rates than older versions 

We released the latest volume of the Microsoft Security Intelligence Report last week. The latest data on how different versions of the Windows operating system are mitigating modern malware attacks suggests that newer versions are performing better than older versions. The figure below illustrates the malware infection rates for Windows client and server operating systems […]

Published
1 minute read

Latest Microsoft Security Intelligence Report Now Available 

Volume 18 of the Microsoft Security Intelligence Report (SIR) is now available at http://microsoft.com/sir. This volume of the SIR focuses on the second half of 2014 and contains longer term trend data as well. SIR volume 18 contains data, insights and practical guidance on a range of global and regional cybersecurity threats including vulnerability disclosures, […]

Published
1 minute read

ABB Automation & Power World 2015 – Cybersecurity in the evolving threat landscape 

In early March, I had the fortunate opportunity to speak at the ABB Automation & Power World 2015 conference in Houston, TX. This event is like a “Disneyland” for critical infrastructure providers (CIPs)! This was my first time attending the bi-annual event and I was blown away by the innovative power and automation technologies that […]

Published
2 min read

Your Antivirus protection has expired. So what? You might be surprised. Microsoft’s new cybersecurity report explains. 

When you buy a new computer, oftentimes it will come pre-installed with software provided by the manufacturer. This is commonly done by software providers as a way to entice people to try their products before they buy. One of the most common types of software that comes pre-installed on computers is antivirus or antimalware protection […]

Published
<1 minute read

Microsoft Antimalware for Azure Cloud Services and Virtual Machines now Available for Free 

Microsoft Antimalware for Azure Cloud Services and Virtual Machines is now generally available for Microsoft Azure customers. This new security extension for Microsoft Azure provides an additional layer of security by helping to identify, block and remove malicious software on virtual machines managed by Azure customers. It provides real time protection from the latest threats, […]

Industry Vulnerability Disclosures Trending Up 

A vulnerability disclosure, as the term is used in the Microsoft Security Intelligence Report (http://www.microsoft.com/sir), is the revelation of a software vulnerability to the public at large. Disclosures can come from a variety of sources, including publishers of the affected software, security software vendors, independent security researchers, and even malware creators.

The vulnerability disclosure data in the Security Intelligence Report is compiled from vulnerability disclosure data that is published in the National Vulnerability Database (NVD, http://nvd.nist.gov/). This database is the US government’s repository of standards-based vulnerability management data. The NVD represents all disclosures that have a published Common Vulnerabilities and Exposures (CVE) identifier.

Industry-wide vulnerability disclosures trending upwards

Figure 1 illustrates the vulnerability disclosure trend across the entire industry since 2011. Between 2011 and the end of 2013 vulnerability disclosure counts ranged from a low of 1,926 in the second half of 2011 to a high of 2,588 in the first half of 2012; there were more than 4,000 vulnerability disclosures across the entire industry each year during this period. For additional context, the peak period for industrywide vulnerability disclosures was 2006-2007 when 6,000 - 7,000 vulnerabilities were disclosed each year. Vulnerability disclosures across the industry in the second half of 2013 (2H13) were up 6.5 percent from the first half of the year, and up 12.6 percent from the second half of 2012.

Published
1 minute read

Microsoft Interflow: a new Security and Threat Information Exchange Platform 

Today, the Microsoft Security Response Center (MSRC) announced the private preview of Microsoft Interflow (http://www.microsoft.com/interflow). This is a security and threat information exchange platform for cybersecurity analysts and researchers.

Interflow provides an automated machine-readable feed of threat and security information that can be shared across industries and community groups in near real-time. This platform provides this information using open specifications STIX™ (Structured Threat Information eXpression, http://stix.mitre.org/), TAXII™ (Trusted Automated eXchange of Indicator Information, http://taxii.mitre.org/), and CybOX™ (Cyber Observable eXpression standards, http://cybox.mitre.org/). This enables Interflow to integrate with existing operational and analytical tools that many organizations use through a plug-in architecture. It has the potential to help reduce the cost of defense by automating processes that are currently performed manually.

You can get more information on Microsoft Interflow on the MSRC blog, as well as in this FAQ (http://technet.microsoft.com/en-us/security/dn726547) and at www.microsoft.com/interflow.

When Vulnerabilities are Exploited: the Timing of First Known Exploits for Remote Code Execution Vulnerabilities 

One of the questions I get asked from time to time is about the days of risk between the time that a vulnerability is disclosed and when we first see active exploitation of it; i.e. how long do organizations have to deploy the update before active attacks are going to happen? Trustworthy Computing’s Security Science team (http://www.microsoft.com/security/msec.aspx) published new data that helps put the timing of exploitation into perspective, in the recently released Microsoft Security Intelligence Report volume 16 (http://www.microsoft.com/sir).

The Security Science team studied exploits that emerged for the most severe vulnerabilities in Microsoft software between 2006 and 2013. The exploits studied were for vulnerabilities that enable remote code execution. The timing of the release of the first known exploit for each remote code execution vulnerability was examined and the results were put into three groups.