Archive

Archive for the ‘Microsoft Security Response Center’ Category

RSA Conference 2015: Enhancing Cloud Trust

March 31st, 2015 No comments

RSA Conference USA 2015 is just a few weeks away (April 20-24) in San Francisco. Given the numerous noteworthy cybersecurity events that have occurred over the last 12 months, I expect this conference to be well attended, yet again!

Once more, Microsoft is a Diamond sponsor, and Scott Charney, Corporate Vice President, Trustworthy Computing, will deliver a keynote at the conference. His keynote, entitled “Enhancing Cloud Trust,” will be delivered Tuesday, April 21st at 8:50 AM PT.

On Tuesday, April 21st at 1:10 PM PT, I will be delivering a speaker session, “Exploitation Trends: from potential risk to actual risk” as part of the Breaking Research track. Microsoft researchers have studied some of the exploits discovered over the past several years and the specific vulnerabilities in Microsoft software that were targeted. The goal of this of study is to understand which vulnerabilities are exploited, who exploits them, the timing of exploitation attempts relative to when security updates are available, and how these vulnerabilities were introduced into code. These findings are key in helping security professionals more accurately assess the risk vulnerabilities pose.

I’m excited to be joined by two exploit researchers Matt Miller, Principal Security Software Engineer from the Microsoft Security Response Center and David Weston, Principal Program Manager from the Microsoft One Protection Team. Together, we will be discussing the long-term trend data and our brand new research.

And finally, we will examine how exploits are monetized through exploit kits that are sold as commercial software or as a service as well as development practices that can help minimize such vulnerabilities.

There are several Microsoft speakers at the conference this year; below is a full list of their sessions.

MICROSOFT SPEAKER SESSIONS

Title Date Time (PT)
License to Kill: Malware Hunting with the Sysinternals Tools – Mark Russinovich Tuesday, 4/21 1:10 PM
Exploitation Trends: from potential risk to actual risk – Tim Rains, Matt Miller, David Weston Tuesday, 4/21 1:10 PM
Security and Privacy in the Cloud:  How Far Have We Come? – Bret Arsenault (Panel Discussion) Tuesday, 4/21 4:40 PM
Assume Breach: An Inside Look at Cloud Service Provider Security – Mark Russinovich Wednesday, 4/22 8:00 AM
Doing Security Response with your Cloud Service Provider – Jerry Cochran (Peer-to-Peer Session) Wednesday, 4/22 8:00 AM
License to Kill: Malware Hunting with the Sysinternals Tools – Mark Russinovich Wednesday, 4/22 9:10 AM
Enterprise Cloud: Advancing SaaS Security and Trust – Chang Kawaguchi Wednesday, 4/22 10:20 AM
The Legal Pitfalls of Failing to Develop Secure Cloud Services – Cristin Goodwin Thursday, 4/23 10:20 AM
Pass-the-Hash II: The Wrath of Hardware – Nathan Ide Thursday, 4/23 10:20 AM

 Microsoft is also hosting a booth on the expo floor where we will host a number of theater sessions. To find session descriptions and times, as well as details on the Microsoft party (Wednesday, April 22nd, 8:00 PM PT), please visit http://rsa2015.microsoft.com.

One other session that I think you should check out is being delivered by a longtime colleague, Nicole Miller, Senior Vice President, Cybersecurity & Issues Management, Waggener Edstrom. Nicole has been working with companies on cybersecurity for many years, and it’s a rare treat to hear her speak in public. Her session is called “From the Battlefield: Managing Customer Perceptions in a Security Crisis” and is scheduled on Tuesday, April 21, 2015 at 3:30 PM PT.

I hope to see you at the conference!

Get advance notice about March 2014 security updates

March 6th, 2014 No comments

Today, the Microsoft Security Response Center (MSRC) posted details about the March security updates.

If you have automatic updating turned on, most of these updates will download and install on their own. Sometimes you may need to provide input for Windows Update during an installation. In this case, you’ll see an alert in the notification area at the far right of the taskbar—be sure to click it.

In Windows 8, Windows will turn on automatic updating during setup unless you choose to turn it off. To check this setting and turn on automatic updating, open the Search charm, enter Turn automatic updating on or off, and tap or click Settings to find it. 

For other versions of Windows, you can check whether automatic updating is turned on through the Microsoft Update website. This will open Windows Update in Control Panel; if automatic updating is not turned on, you’ll be guided through the steps to set it up. After that, all the latest security and performance improvements will be installed on your PC quickly and reliably.

If you are a technical professional

The Microsoft Security Bulletin Advance Notification Service offers details about security updates approximately three business days before they are released. We do this to enable customers (especially IT professionals) to plan for effective deployment of security updates.

Sign up for security notifications

Get advance notice about July security updates

July 5th, 2012 No comments

Today the Microsoft Security Response Center (MSRC) posted details about the July security updates. On Tuesday, July 10 at approximately 10 AM Pacific Time Microsoft will release 9 bulletins.

The easiest way to get the updates when they’re available is to turn on Windows automatic updating. For more information about how this works, see Understanding Windows automatic updating.

The Microsoft Security Bulletin Advance Notification Service offers details about security updates approximately three business days before they are released. We do this to allow customers (especially IT professionals) to plan for effective deployment of security updates.

Advanced Notification includes information about:

  • The number of new security updates being released
  • The software affected
  • Severity levels of vulnerabilities
  • Information about any detection tools relevant to the updates

Get advance notice about March security updates

March 9th, 2012 No comments

Today the Microsoft Security Response Center (MSRC) posted details about the March security updates. On Tuesday, March 13 at approximately 10 AM Pacific Time Microsoft will release 6 bulletins.

The easiest way to get the updates when they’re available is to turn on Windows automatic updating. For more information about how this works, see Understanding Windows automatic updating.

The Microsoft Security Bulletin Advance Notification Service offers details about security updates approximately three business days before they are released. We do this to allow customers (especially IT professionals) to plan for effective deployment of security updates.

Advanced Notification includes information about:

  • The number of new security updates being released
  • The software affected
  • Severity levels of vulnerabilities
  • Information about any detection tools relevant to the updates

For more information about the security updates that will be released on March 13, see Microsoft Security Bulletin Advance Notification for March 2012.

For official risk and impact analysis, as well as deployment guidance, visit the MSRC blog. If you are on Twitter, you might want also want to follow @MSFTSecResponse.