Skip to main content
Microsoft Security

Tim Rains Posts

Tim Rains
Published
1 minute read

Microsoft Security Intelligence Report Volume 20 is now available 

The latest volume of the Microsoft Security Intelligence Report (SIR) is now available for free download at www.microsoft.com/sir. We’ve been publishing threat intelligence reports for our customers, partners and the industry for 10 years now. During that time, we’ve published over 12,500 pages of threat intelligence, 100+ blog posts, many videos, and delivered thousands of […]

Published
1 minute read

Latest data shows newer versions of Windows have lower malware infection rates than older versions 

We released the latest volume of the Microsoft Security Intelligence Report last week. The latest data on how different versions of the Windows operating system are mitigating modern malware attacks suggests that newer versions are performing better than older versions. The figure below illustrates the malware infection rates for Windows client and server operating systems […]

Published
1 minute read

Latest Microsoft Security Intelligence Report Now Available 

Volume 18 of the Microsoft Security Intelligence Report (SIR) is now available at http://microsoft.com/sir. This volume of the SIR focuses on the second half of 2014 and contains longer term trend data as well. SIR volume 18 contains data, insights and practical guidance on a range of global and regional cybersecurity threats including vulnerability disclosures, […]

Published
1 minute read

ABB Automation & Power World 2015 – Cybersecurity in the evolving threat landscape 

In early March, I had the fortunate opportunity to speak at the ABB Automation & Power World 2015 conference in Houston, TX. This event is like a “Disneyland” for critical infrastructure providers (CIPs)! This was my first time attending the bi-annual event and I was blown away by the innovative power and automation technologies that […]

Your Antivirus protection has expired. So what? You might be surprised. Microsoft’s new cybersecurity report explains. 

When you buy a new computer, often times it will come pre-installed with software provided by the manufacturer. This is commonly done by software providers as way to entice people to try their products before they buy. One of the most common types of software that comes pre-installed on computers is antivirus or antimalware protection […]

Published
1 minute read

Microsoft Antimalware for Azure Cloud Services and Virtual Machines now Available for Free 

Microsoft Antimalware for Azure Cloud Services and Virtual Machines is now generally available for Microsoft Azure customers. This new security extension for Microsoft Azure provides an additional layer of security by helping to identify, block and remove malicious software on virtual machines managed by Azure customers. It provides real time protection from the latest threats, […]

Industry Vulnerability Disclosures Trending Up 

<p>A vulnerability disclosure, as the term is used in the <a href="http://www.microsoft.com/sir">Microsoft Security Intelligence Report</a>, is the revelation of a software vulnerability to the public at large. Disclosures can come from a variety of sources, including publishers of the affected software, security software vendors, independent security researchers, and even malware creators.</p> <p>The vulnerability disclosure data in the Security Intelligence Report is compiled from vulnerability disclosure data that is published in the <a href="http://nvd.nist.gov/">National Vulnerability Database </a>(NVD). This database is the US government’s repository of standards-based vulnerability management data. The NVD represents all disclosures that have a published Common Vulnerabilities and Exposures (CVE) identifier.</p> <p><span style="text-decoration:underline;"><strong>Industry-wide vulnerability disclosures trending upwards</strong></span><br>Figure 1 illustrates the vulnerability disclosure trend across the entire industry since 2011. Between 2011 and the end of 2013 vulnerability disclosure counts ranged from a low of 1,926 in the second half of 2011 to a high of 2,588 in the first half of 2012; there were more than 4,000 vulnerability disclosures across the entire industry each year during this period. For <a href="/b/security/archive/2012/03/15/trustworthy-computing-learning-about-threats-for-over-10-years-part-4.aspx">additional context</a>, the peak period for industrywide vulnerability disclosures was 2006-2007 when 6,000 - 7,000 vulnerabilities were disclosed each year. Vulnerability disclosures across the industry in the second half of 2013 (2H13) were up 6.5 percent from the first half of the year, and up 12.6 percent from the second half of 2012.  <a href="/b/security/archive/2014/07/08/industry-vulnerability-disclosures-trending-up.aspx">Read more</a></p>