Archive

Archive for October, 2013

Microsoft hosts cybersecurity and privacy professionals for discussion about the Cybersecurity Framework

October 31st, 2013 No comments

Last week, Microsoft’s Innovation & Policy Center in Washington, D.C. convened a distinguished group of cybersecurity and privacy professionals from across industry sectors for a panel discussion about the forthcoming Cybersecurity Framework, expected from the National Institute of Standards and Technology (NIST) in February 2014, and its implications for critical infrastructure organizations. 

I was pleased to participate as a panelist alongside:

  • Mark Clancy, CISO of the Depository Trust and Clearing Corporation
  • Trevor Hughes, President and CEO of the International Association of Privacy Professionals
  • Mike Kuberski, Chief Information Security Officer of Pepco Holdings
  • Larry Trittschuh, Executive Director for Threat Management, General Electric
  • Fred Cate, Indiana University Maurer School of Law, who served as moderator

Read more

…(read more)

Newer software can increase your computer security

October 31st, 2013 No comments

This week we released volume 15 of the Security Intelligence Report (SIR), which covers our research on computer security, including software vulnerabilities, exploits, and malicious and potentially unwanted software.

One of the key findings to surface from the latest report is the increased risk of using old, unsupported software and emphasizes the positive impact of security innovations and technologies in newer software. Advanced security technologies in modern operating systems are specifically designed to make it more difficult, more complex, more expensive, and therefore, less appealing to cybercriminals to exploit vulnerabilities.

For more information, see New cybersecurity report details risk of running unsupported software.

For more information, see our Microsoft on the Issues blog post titled “New cybersecurity report details risk of running unsupported software.”

Support for Windows XP ends in April 2014

Windows XP was released almost 12 years ago, which is an eternity in technology terms. While we are proud of the success of Windows XP in serving the needs of so many people for more than a decade, inevitably there is a tipping point where dated software and hardware can no longer defend against modern-day threats and increasingly sophisticated cybercriminals. 

If you’re still using Windows XP, you’re missing out on all kinds of enhancements to computer security, productivity, and performance that are available in Windows 7 and Windows 8.

Find out what end of support for Windows XP means to you.

MS13-085 – Important : Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080) – Version: 1.1

Severity Rating: Important
Revision Note: V1.1 (October 31, 2013): Corrected the update replacement information for the 2826033 update for Microsoft Excel 2010 Service Pack 2. This is an informational change only. There were no changes to the detection logic or the update files.
Summary: This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file with an affected version of Microsoft Excel or other affected Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Categories: Uncategorized Tags:

KB: System Center 2012 Configuration Manager and System Center 2012 Endpoint Protection support for Windows Azure Virtual Machines

October 30th, 2013 No comments

KB5333[4]This article introduces the support policy for Microsoft System Center 2012 Configuration Manager and System Center 2012 Endpoint Protection to manage server software in the Windows Azure Virtual Machine environment (infrastructure-as-a-service).

System Center 2012 Configuration Manager Service Pack 1 (SP1) or later versions and System Center 2012 Endpoint Protection SP1 or later versions support two specific scenarios to manage server software in the Windows Azure Virtual Machine environment.

For information on these scenarios please see the following:

KB2889321 – System Center 2012 Configuration Manager and System Center 2012 Endpoint Protection support for Windows Azure Virtual Machines (http://support.microsoft.com/kb/2889321)

J.C. Hornbeck | Solution Asset PM | Microsoft GBS Management and Security Division

Get the latest System Center news on Facebook and Twitter:

clip_image001 clip_image002

System Center All Up: http://blogs.technet.com/b/systemcenter/
System Center – Configuration Manager Support Team blog: http://blogs.technet.com/configurationmgr/
System Center – Data Protection Manager Team blog: http://blogs.technet.com/dpm/
System Center – Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
System Center – Operations Manager Team blog: http://blogs.technet.com/momteam/
System Center – Service Manager Team blog: http://blogs.technet.com/b/servicemanager
System Center – Virtual Machine Manager Team blog: http://blogs.technet.com/scvmm

Windows Intune: http://blogs.technet.com/b/windowsintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
The AD RMS blog: http://blogs.technet.com/b/rmssupp/

App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv

The Forefront Endpoint Protection blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/

Configmgr 2012 scep 2012

Categories: Uncategorized Tags:

KB: System Center 2012 Configuration Manager and System Center 2012 Endpoint Protection support for Windows Azure Virtual Machines

October 30th, 2013 No comments

KB5333[4]This article introduces the support policy for Microsoft System Center 2012 Configuration Manager and System Center 2012 Endpoint Protection to manage server software in the Windows Azure Virtual Machine environment (infrastructure-as-a-service).

System Center 2012 Configuration Manager Service Pack 1 (SP1) or later versions and System Center 2012 Endpoint Protection SP1 or later versions support two specific scenarios to manage server software in the Windows Azure Virtual Machine environment.

For information on these scenarios please see the following:

KB2889321 – System Center 2012 Configuration Manager and System Center 2012 Endpoint Protection support for Windows Azure Virtual Machines (http://support.microsoft.com/kb/2889321)

J.C. Hornbeck | Solution Asset PM | Microsoft GBS Management and Security Division

Get the latest System Center news on Facebook and Twitter:

clip_image001 clip_image002

System Center All Up: http://blogs.technet.com/b/systemcenter/
System Center – Configuration Manager Support Team blog: http://blogs.technet.com/configurationmgr/
System Center – Data Protection Manager Team blog: http://blogs.technet.com/dpm/
System Center – Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
System Center – Operations Manager Team blog: http://blogs.technet.com/momteam/
System Center – Service Manager Team blog: http://blogs.technet.com/b/servicemanager
System Center – Virtual Machine Manager Team blog: http://blogs.technet.com/scvmm

Windows Intune: http://blogs.technet.com/b/windowsintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
The AD RMS blog: http://blogs.technet.com/b/rmssupp/

App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv

The Forefront Endpoint Protection blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/

Configmgr 2012 scep 2012

Categories: Uncategorized Tags:

KB: System Center 2012 Configuration Manager and System Center 2012 Endpoint Protection support for Windows Azure Virtual Machines

October 30th, 2013 No comments

KB5333[4]This article introduces the support policy for Microsoft System Center 2012 Configuration Manager and System Center 2012 Endpoint Protection to manage server software in the Windows Azure Virtual Machine environment (infrastructure-as-a-service).

System Center 2012 Configuration Manager Service Pack 1 (SP1) or later versions and System Center 2012 Endpoint Protection SP1 or later versions support two specific scenarios to manage server software in the Windows Azure Virtual Machine environment.

For information on these scenarios please see the following:

KB2889321 – System Center 2012 Configuration Manager and System Center 2012 Endpoint Protection support for Windows Azure Virtual Machines (http://support.microsoft.com/kb/2889321)

J.C. Hornbeck | Solution Asset PM | Microsoft GBS Management and Security Division

Get the latest System Center news on Facebook and Twitter:

clip_image001 clip_image002

System Center All Up: http://blogs.technet.com/b/systemcenter/
System Center – Configuration Manager Support Team blog: http://blogs.technet.com/configurationmgr/
System Center – Data Protection Manager Team blog: http://blogs.technet.com/dpm/
System Center – Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
System Center – Operations Manager Team blog: http://blogs.technet.com/momteam/
System Center – Service Manager Team blog: http://blogs.technet.com/b/servicemanager
System Center – Virtual Machine Manager Team blog: http://blogs.technet.com/scvmm

Windows Intune: http://blogs.technet.com/b/windowsintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
The AD RMS blog: http://blogs.technet.com/b/rmssupp/

App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv

The Forefront Endpoint Protection blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/

Configmgr 2012 scep 2012

Categories: Uncategorized Tags:

New infection rate data for unprotected computers

October 30th, 2013 No comments

​In the previous Microsoft Security Intelligence Report, SIRv14, we introduced a new metric to measure the infection rate for computers protected with real-time antimalware software (protected computers) in comparison to computers that were not protected with up-to-date security software (unprotected computers).  Using this new data, we wrote a feature story about the risks of running unprotected. Our customers told us that providing this data really helped measure the value of running real-time antimalware software. It clearly showed that security software can provide a significant contribution to a computer’s protection level. 

With Windows 8, we’ve made further improvements to help keep customers protected.

For example, Windows Defender is automatically activated when the Windows 8 device is turned on for the first time, and will only deactivate if another antimalware program is running. If there is no other antimalware software installed, Windows Defender will be enabled. If another antivirus application is activated later, Windows Defender will automatically disable itself.  Windows Action Center monitors Windows Defender, and if it is turned off, Action Center will show a notification and provide an option to turn it back on. We’ve done all of this to help ensure that all Windows customers are protected.

What happens when another antimalware product is installed, but then stops receiving updates or the license expires? 

Like a computer without antimalware protection, this computer is also considered as being in an unprotected state.

At the MMPC, we closely monitor why people fall into an unprotected state.  Joe Blackbird and Bill Pfeifer presented on this topic at Virus Bulletin this year with The global impact of anti-malware protection state on infection rates. They found that more than half of the Windows 8 customers listed as unprotected are in that state because their antivirus has expired.

After assessing the telemetry on why customers were staying unprotected, a few updates were made in Windows 8.1 to help customers make a safe choice to stay protected.  Now, after prompting a customer about their unprotected state and giving the choice to renew or see other options at the Windows Store, a final prompt helps the customer get back into a protected state even if they do not choose to renew.  If you really don’t want to have protection enabled, you can still disable it– it’s your choice.  The feature simply makes the safe choice really easy, and the less safe choice a bit more work.

During the past year I’ve talked to a lot of people who are just as passionate about keeping our customers protected as we are.  So, I’m happy to report that we now measure protected/unprotected data on a quarter-by-quarter basis as a standard part of the Microsoft Security Intelligence Report.

As shown in the following chart, our research reveals that every quarter, about 25 percent of computers are not completely protected. This includes computers that are both unprotected and intermittently protected. We count a computer as intermittently protected for the quarter if it reports being unprotected for one month. We’d like to move the number of computers in both categories closer to zero. 

We also found that computers that never had protection were 7.1 times more likely to be infected with malware than computers that always had protection.

worldwide protected computers - 3Q12–2Q13

Figure 1: Percentage of computers worldwide protected by real-time security software, 3Q12–2Q13

For more data and analysis on protected and unprotected computers, including how we calculate this data, see SIRv15.

Stay protected folks!

Holly Stewart

MMPC

Categories: Uncategorized Tags:

New infection rate data for unprotected computers

October 30th, 2013 No comments

​In the previous Microsoft Security Intelligence Report, SIRv14, we introduced a new metric to measure the infection rate for computers protected with real-time antimalware software (protected computers) in comparison to computers that were not protected with up-to-date security software (unprotected computers).  Using this new data, we wrote a feature story about the risks of running unprotected. Our customers told us that providing this data really helped measure the value of running real-time antimalware software. It clearly showed that security software can provide a significant contribution to a computer’s protection level. 

With Windows 8, we’ve made further improvements to help keep customers protected.

For example, Windows Defender is automatically activated when the Windows 8 device is turned on for the first time, and will only deactivate if another antimalware program is running. If there is no other antimalware software installed, Windows Defender will be enabled. If another antivirus application is activated later, Windows Defender will automatically disable itself.  Windows Action Center monitors Windows Defender, and if it is turned off, Action Center will show a notification and provide an option to turn it back on. We’ve done all of this to help ensure that all Windows customers are protected.

What happens when another antimalware product is installed, but then stops receiving updates or the license expires? 

Like a computer without antimalware protection, this computer is also considered as being in an unprotected state.

At the MMPC, we closely monitor why people fall into an unprotected state.  Joe Blackbird and Bill Pfeifer presented on this topic at Virus Bulletin this year with The global impact of anti-malware protection state on infection rates. They found that more than half of the Windows 8 customers listed as unprotected are in that state because their antivirus has expired.

After assessing the telemetry on why customers were staying unprotected, a few updates were made in Windows 8.1 to help customers make a safe choice to stay protected.  Now, after prompting a customer about their unprotected state and giving the choice to renew or see other options at the Windows Store, a final prompt helps the customer get back into a protected state even if they do not choose to renew.  If you really don’t want to have protection enabled, you can still disable it– it’s your choice.  The feature simply makes the safe choice really easy, and the less safe choice a bit more work.

During the past year I’ve talked to a lot of people who are just as passionate about keeping our customers protected as we are.  So, I’m happy to report that we now measure protected/unprotected data on a quarter-by-quarter basis as a standard part of the Microsoft Security Intelligence Report.

As shown in the following chart, our research reveals that every quarter, about 25 percent of computers are not completely protected. This includes computers that are both unprotected and intermittently protected. We count a computer as intermittently protected for the quarter if it reports being unprotected for one month. We’d like to move the number of computers in both categories closer to zero. 

We also found that computers that never had protection were 7.1 times more likely to be infected with malware than computers that always had protection.

worldwide protected computers - 3Q12–2Q13

Figure 1: Percentage of computers worldwide protected by real-time security software, 3Q12–2Q13

For more data and analysis on protected and unprotected computers, including how we calculate this data, see SIRv15.

Stay protected folks!

Holly Stewart

MMPC

Categories: Uncategorized Tags:

Service Manager 2012 R2 – Fixes included

Thomas Ellermann posted a great breakdown on the updates in R2 for Service Manager 2012. The focus in R2 for Service Manager was to tackle some of the critical customer and MVP collected bugs. Service Managers R2 release saw no major performance improvements but we are targeting Console and Portal performance in the next update (UR) cycles. With that in mind a few of the R2 fixes are associated to improving console and workflow stability, and that can help a great deal with performance.

You can find Thomas’s post here: http://blogs.technet.com/b/thomase/archive/2013/10/29/service-manager-2012-r2-fixes-included.aspx

/Enjoy!

Christian Booth (ChBooth) | Sr. Program Manager | System Center

Program Lead: System Center: Cloud & Datacenter MVP

Categories: Uncategorized Tags:

Infection rates and end of support for Windows XP

October 29th, 2013 No comments

In the newly released Volume 15 of the Microsoft Security Intelligence Report (SIRv15), one of the key findings to surface relates to new insight on the Windows XP operating system as it inches toward end of support on April 8, 2014.

In this post we want to highlight our Windows XP analysis and examine what the data says about the risks of being on unsupported software. In the SIR, we traditionally report on supported operating systems only. For this analysis we examined data from unsupported platforms, like Windows XP SP2, from a few different data points:

  • Malware encounters (newly introduced in SIRv15) in comparison to infections.
  • Infection rates for supported and unsupported operating systems.
  • Impact of antimalware protection on supported and unsupported operating systems.

Malware encounters and malware infections

Earlier today we published a blog post that discussed a new metric for analyzing malware prevalence which was introduced in the latest report. This new metric, called the encounter rate, measures the percentage of computers protected with Microsoft real-time antimalware products that come into contact with malware. It is important to note encounters do not equate to infections. Although some computers do report active malware, the vast majority of these encounters represent blocked infections reported by our antimalware products. Another recent blog explained our metrics in more detail.

You can think of the encounter rate as a way to measure what percentage of computers are exposed to malware. In comparison, the infection rate (CCM) measures how many computers out of 1,000 scanned by the Microsoft Malicious Software Removal Tool (MSRT) actually got infected. What’s really fascinating about these data points is when you compare the two.

The following chart shows the encounter rate in comparison to the infection rate by operating system and service pack. While Windows XP SP3 computers encountered almost as much malware as other platforms, computers running Windows XP as a whole experienced a much higher infection rate. For example, although Windows 8 computers may encounter a similar amount of malware as Windows XP, people who use Windows XP are six times more likely get infected.

Malware Infection and encounter rates

Figure 1: Malware Infection and encounter rates for Windows operating systems during 2Q13

A few possible reasons for the higher infection rate on Windows XP are:

  • Antimalware protection may not be active or up to date (more on this hypothesis in the last section).
  • Older technology lacks the protective measures built into more recently introduced operating systems, and therefore is challenged to defend against some attacks.

Windows XP was built more than 12 years ago and was architected to include security technologies that were innovative at the time. For example, Windows XP SP2 was released in 2004 and introduced Data Execution Prevention. However, the threat landscape has changed quite a bit since then and technologies that were built a decade ago, like DEP, are now commonly bypassed. A paper released earlier this year from Trustworthy Computing: Software Vulnerability Exploitation Trends helps illustrate this point. The paper also provides a comparison of security mitigations built into Windows 8 and compares them against the mitigations built into Windows XP.

Newer operating systems are not vulnerable to many of the exploitation techniques that are still widely used and remain effective against older platforms. Newer operating systems include a number of security features and mitigations that older versions were simply not designed for at the time.

Infection rates on unsupported operating systems

Once support ends, if Windows XP SP3 follows a trend similar to prior Windows XP versions which are unsupported now, we can expect infection rates to rise.

For example, support for Windows XP SP2 ended on July 13, 2010 (support notification). The dashed blue line in the following chart represents its infection rate after that time.

XP SP2 infection rates

Figure 2: Windows XP SP2 infection rate after end of support

In the first two years after Windows XP SP2 went out of support, the infection rate disparity between the supported (Windows XP SP3) and unsupported (Windows XP SP2) service packs grew. In fact, the infection rate of the unsupported version was, on average, 66 percent higher than the supported version (Windows XP SP3).

After support ends, Microsoft security updates are no longer provided to address new vulnerabilities found, but that does not mean that new vulnerabilities won’t be discovered and exploited by attackers. For example, it will be possible for attackers to reverse-engineer new security updates for supported platforms to identify any that may exist in unsupported platforms. Tim Rains talked about the potential impact of doing so in his blog post this morning.

Impact of malware protection on supported and unsupported operating systems

One question I hear a lot when discussing unsupported versions of the OS is “So, won’t antivirus help protect my computer?” We absolutely encourage everyone to use real-time antimalware to help protect themselves against cybercriminal activity. In fact, the latest report shows that during the last quarter unprotected computers were 7.1 times more likely to be infected than protected computers.

That said, our data also tells us that running antimalware on out-of-support systems is not an equitable solution to protect against threats. The following chart compares the monthly infection rates for protected and unprotected computers on Windows XP SP2 and Windows XP SP3 in the last half of 2012 (this data for Windows XP SP3 was reported in the “Running unprotected” section of SIRv14).

The data shows that protected systems on Windows XP SP2 are twice as likely (2.2 times, to be exact) to be infected in comparison to protected Windows XP SP3 computers. Unprotected computers show a similar trend: you’re 2.5 times as likely to be infected on Windows XP SP2 in comparison to Windows XP SP3 when neither have up-to-date antimalware protection. 

Average infection rates

Figure 3: Average infection rate for computer with and without antimalware protection

As past Microsoft Security Intelligence Reports have shown, running a well-protected solution means running up-to-date antimalware software, regularly applying security updates for all software installed and using a more modern operating system that has increased security technologies and mitigations. This advice remains consistent with the new data in SIRv15.

Of course this blog highlights just one of the many key findings in the latest report.   I encourage you to download the report today to learn all about the latest trends in the threat landscape.

Holly Stewart
MMPC

Categories: Uncategorized Tags:

Infection rates and end of support for Windows XP

October 29th, 2013 No comments

In the newly released Volume 15 of the Microsoft Security Intelligence Report (SIRv15), one of the key findings to surface relates to new insight on the Windows XP operating system as it inches toward end of support on April 8, 2014.

In this post we want to highlight our Windows XP analysis and examine what the data says about the risks of being on unsupported software. In the SIR, we traditionally report on supported operating systems only. For this analysis we examined data from unsupported platforms, like Windows XP SP2, from a few different data points:

  • Malware encounters (newly introduced in SIRv15) in comparison to infections.
  • Infection rates for supported and unsupported operating systems.
  • Impact of antimalware protection on supported and unsupported operating systems.

Malware encounters and malware infections

Earlier today we published a blog post that discussed a new metric for analyzing malware prevalence which was introduced in the latest report. This new metric, called the encounter rate, measures the percentage of computers protected with Microsoft real-time antimalware products that come into contact with malware. It is important to note encounters do not equate to infections. Although some computers do report active malware, the vast majority of these encounters represent blocked infections reported by our antimalware products. Another recent blog explained our metrics in more detail.

You can think of the encounter rate as a way to measure what percentage of computers are exposed to malware. In comparison, the infection rate (CCM) measures how many computers out of 1,000 scanned by the Microsoft Malicious Software Removal Tool (MSRT) actually got infected. What’s really fascinating about these data points is when you compare the two.

The following chart shows the encounter rate in comparison to the infection rate by operating system and service pack. While Windows XP SP3 computers encountered almost as much malware as other platforms, computers running Windows XP as a whole experienced a much higher infection rate. For example, although Windows 8 computers may encounter a similar amount of malware as Windows XP, people who use Windows XP are six times more likely get infected.

Malware Infection and encounter rates

Figure 1: Malware Infection and encounter rates for Windows operating systems during 2Q13

A few possible reasons for the higher infection rate on Windows XP are:

  • Antimalware protection may not be active or up to date (more on this hypothesis in the last section).
  • Older technology lacks the protective measures built into more recently introduced operating systems, and therefore is challenged to defend against some attacks.

Windows XP was built more than 12 years ago and was architected to include security technologies that were innovative at the time. For example, Windows XP SP2 was released in 2004 and introduced Data Execution Prevention. However, the threat landscape has changed quite a bit since then and technologies that were built a decade ago, like DEP, are now commonly bypassed. A paper released earlier this year from Trustworthy Computing: Software Vulnerability Exploitation Trends helps illustrate this point. The paper also provides a comparison of security mitigations built into Windows 8 and compares them against the mitigations built into Windows XP.

Newer operating systems are not vulnerable to many of the exploitation techniques that are still widely used and remain effective against older platforms. Newer operating systems include a number of security features and mitigations that older versions were simply not designed for at the time.

Infection rates on unsupported operating systems

Once support ends, if Windows XP SP3 follows a trend similar to prior Windows XP versions which are unsupported now, we can expect infection rates to rise.

For example, support for Windows XP SP2 ended on July 13, 2010 (support notification). The dashed blue line in the following chart represents its infection rate after that time.

XP SP2 infection rates

Figure 2: Windows XP SP2 infection rate after end of support

In the first two years after Windows XP SP2 went out of support, the infection rate disparity between the supported (Windows XP SP3) and unsupported (Windows XP SP2) service packs grew. In fact, the infection rate of the unsupported version was, on average, 66 percent higher than the supported version (Windows XP SP3).

After support ends, Microsoft security updates are no longer provided to address new vulnerabilities found, but that does not mean that new vulnerabilities won’t be discovered and exploited by attackers. For example, it will be possible for attackers to reverse-engineer new security updates for supported platforms to identify any that may exist in unsupported platforms. Tim Rains talked about the potential impact of doing so in his blog post this morning.

Impact of malware protection on supported and unsupported operating systems

One question I hear a lot when discussing unsupported versions of the OS is “So, won’t antivirus help protect my computer?” We absolutely encourage everyone to use real-time antimalware to help protect themselves against cybercriminal activity. In fact, the latest report shows that during the last quarter unprotected computers were 7.1 times more likely to be infected than protected computers.

That said, our data also tells us that running antimalware on out-of-support systems is not an equitable solution to protect against threats. The following chart compares the monthly infection rates for protected and unprotected computers on Windows XP SP2 and Windows XP SP3 in the last half of 2012 (this data for Windows XP SP3 was reported in the “Running unprotected” section of SIRv14).

The data shows that protected systems on Windows XP SP2 are twice as likely (2.2 times, to be exact) to be infected in comparison to protected Windows XP SP3 computers. Unprotected computers show a similar trend: you’re 2.5 times as likely to be infected on Windows XP SP2 in comparison to Windows XP SP3 when neither have up-to-date antimalware protection. 

Average infection rates

Figure 3: Average infection rate for computer with and without antimalware protection

As past Microsoft Security Intelligence Reports have shown, running a well-protected solution means running up-to-date antimalware software, regularly applying security updates for all software installed and using a more modern operating system that has increased security technologies and mitigations. This advice remains consistent with the new data in SIRv15.

Of course this blog highlights just one of the many key findings in the latest report.   I encourage you to download the report today to learn all about the latest trends in the threat landscape.

Holly Stewart
MMPC

Categories: Uncategorized Tags:

New Security Intelligence Report, new data, new perspectives

October 29th, 2013 No comments

Today, Microsoft released volume 15 of the Microsoft Security Intelligence Report (SIRv15). The report analyzes malware, exploits and more based on data from more than a billion systems worldwide and some of the Internet’s busiest online services.

During the past year, as we were planning this volume of the Security Intelligence Report, and as we considered how to improve the breadth and accuracy of guidance given to our customers, we gave a lot of thought on how best to represent malware prevalence beyond the data provided in past reports.

We need to establish a metric that measured the impact of malware based on our real-time protection products.

We already report on infection rates using a metric called computers cleaned per mille (CCM), which represents the number of computers cleaned for every 1,000 executions of the Malicious Software Removal Tool (MSRT). This helps us describe how widespread an infection is.

To better understand the range of threats that affect computers today, it’s increasingly valuable to consider infection attempts, including attempts that never result in infection. This data, which can only be provided by real-time security products, is measured by our new metric – the encounter rate. The encounter rate is the percent of computers running Microsoft real-time security products that come across, or encounter malware. When viewed together, the infection rate and the encounter rate provide different lenses to look at the malware landscape, assembling a picture that can contribute to a more informed risk assessment.

For example, one key finding to surface from the analysis of platforms by encounter rate and infection rate during the past year, was that computers running Windows XP encountered about as much malware as Windows 7. However, Windows XP computers experienced many more infections than other operating systems. In fact, Windows XP had an infection rate that was six times higher than Windows 8.  

Infection and encounter rates by operating system

Figure 1: Infection and encounter rates for Windows operating systems

Later today we will publish another blog which will dive deeper into the analysis of Windows XP, in light of the upcoming end of support date – April 8, 2014. Tim Rains also talks more about this issues in his latest blog.  

In our analysis of the landscape we also separate out malware from potentially unwanted software, based on severity. This distinction is important, since high/severe threats are serious enough that our products will remove these threats from computers automatically. Moderate/low threats, which we categorize as potentially unwanted software in this SIR, depend on user action to quarantine or remove.

We also show trends for countries with the highest and lowest encounter rates for malware and potentially unwanted software. Some countries appear on highest and lowest lists for potentially unwanted software and not for malware. This helps draw conclusions about the effect of potentially unwanted software on certain regions, as well as helping zero-in on the severe threats facing different locations.

As we look at threats regionally, we see one country that rose to significance in many parts of our analysis. Between the second half of 2012 and the first half of 2013, Turkey’s encounter rate increased by more than 13 percent.  Exploits, miscellaneous trojans and worms were all encountered at higher levels in Turkey when compared with other regions globally. You can read further on our findings for Turkey and other countries in SIRv15.

 

Encounter rates by country

Figure 2: Threat category prevalence worldwide and in the 10 locations with the most computers reporting detections in 2Q13. Totals for each location may exceed 100 percent because some computers reported threats from more than one category.

We also took a peek at the growing issue of ransomware – a type of malware designed to render a computer or its files unusable until the computer user pays a certain amount of money to the hacker. Often disguised as an official-looking warning from a well-known law enforcement agency, it accuses the computer user of committing a computer-related crime and demands that the user pay a fine via electronic money transfer to regain control of the computer.

We tracked the top ransomware families and found Win32/Reveton and Win32/Tobfy trending upward globally.

These are just a few of the many key findings contained in the latest report.  To download the Microsoft Security Intelligence Report Volume 15, visit www.microsoft.com/sir.

We hope you will read it, pass it on to others to read and use it as a resource to take action and help protect your computer and your organizations’ systems from malicious software.

Vidya Sekhar
MMPC

Categories: Uncategorized Tags:

New Security Intelligence Report, new data, new perspectives

October 29th, 2013 No comments

Today, Microsoft released volume 15 of the Microsoft Security Intelligence Report (SIRv15). The report analyzes malware, exploits and more based on data from more than a billion systems worldwide and some of the Internet’s busiest online services.

During the past year, as we were planning this volume of the Security Intelligence Report, and as we considered how to improve the breadth and accuracy of guidance given to our customers, we gave a lot of thought on how best to represent malware prevalence beyond the data provided in past reports.

We need to establish a metric that measured the impact of malware based on our real-time protection products.

We already report on infection rates using a metric called computers cleaned per mille (CCM), which represents the number of computers cleaned for every 1,000 executions of the Malicious Software Removal Tool (MSRT). This helps us describe how widespread an infection is.

To better understand the range of threats that affect computers today, it’s increasingly valuable to consider infection attempts, including attempts that never result in infection. This data, which can only be provided by real-time security products, is measured by our new metric – the encounter rate. The encounter rate is the percent of computers running Microsoft real-time security products that come across, or encounter malware. When viewed together, the infection rate and the encounter rate provide different lenses to look at the malware landscape, assembling a picture that can contribute to a more informed risk assessment.

For example, one key finding to surface from the analysis of platforms by encounter rate and infection rate during the past year, was that computers running Windows XP encountered about as much malware as Windows 7. However, Windows XP computers experienced many more infections than other operating systems. In fact, Windows XP had an infection rate that was six times higher than Windows 8.  

Infection and encounter rates by operating system

Figure 1: Infection and encounter rates for Windows operating systems

Later today we will publish another blog which will dive deeper into the analysis of Windows XP, in light of the upcoming end of support date – April 8, 2014. Tim Rains also talks more about this issues in his latest blog.  

In our analysis of the landscape we also separate out malware from potentially unwanted software, based on severity. This distinction is important, since high/severe threats are serious enough that our products will remove these threats from computers automatically. Moderate/low threats, which we categorize as potentially unwanted software in this SIR, depend on user action to quarantine or remove.

We also show trends for countries with the highest and lowest encounter rates for malware and potentially unwanted software. Some countries appear on highest and lowest lists for potentially unwanted software and not for malware. This helps draw conclusions about the effect of potentially unwanted software on certain regions, as well as helping zero-in on the severe threats facing different locations.

As we look at threats regionally, we see one country that rose to significance in many parts of our analysis. Between the second half of 2012 and the first half of 2013, Turkey’s encounter rate increased by more than 13 percent.  Exploits, miscellaneous trojans and worms were all encountered at higher levels in Turkey when compared with other regions globally. You can read further on our findings for Turkey and other countries in SIRv15.

 

Encounter rates by country

Figure 2: Threat category prevalence worldwide and in the 10 locations with the most computers reporting detections in 2Q13. Totals for each location may exceed 100 percent because some computers reported threats from more than one category.

We also took a peek at the growing issue of ransomware – a type of malware designed to render a computer or its files unusable until the computer user pays a certain amount of money to the hacker. Often disguised as an official-looking warning from a well-known law enforcement agency, it accuses the computer user of committing a computer-related crime and demands that the user pay a fine via electronic money transfer to regain control of the computer.

We tracked the top ransomware families and found Win32/Reveton and Win32/Tobfy trending upward globally.

These are just a few of the many key findings contained in the latest report.  To download the Microsoft Security Intelligence Report Volume 15, visit www.microsoft.com/sir.

We hope you will read it, pass it on to others to read and use it as a resource to take action and help protect your computer and your organizations’ systems from malicious software.

Vidya Sekhar
MMPC

Categories: Uncategorized Tags:

Microsoft Security Intelligence Report Volume 15 Now Available!

October 29th, 2013 No comments

This morning, at the RSA Europe conference, Mike Reavey, General Manager for Trustworthy Computing delivered a keynote in which he announced the release of the Microsoft Security Intelligence Report volume 15 (SIRv15).  The Microsoft Security Intelligence Report is the most comprehensive cybersecurity threat intelligence report in the industry that analyzes and provides in-depth perspectives on exploits, vulnerabilities, and malware for more than 100 countries/regions worldwide.  It is designed to provide prescriptive guidance which can help our customers manage risk and protect their assets.

In addition to many other key learnings, the report examines the security risks of running unsupported software and looks at the implications of using Windows XP once support, including security updates, ends on April 8, 2014.  I encourage you to check out my post titled ““New Cybersecurity Report Details Risk of Running Unsupported Software” on the Microsoft on the Issues blog which discusses the data on this topic in greater detail for more information.  To download the new Security Intelligence Report, please visit www.microsoft.com/sir.

…(read more)

Update: RAMMap v1.31

October 28th, 2013 No comments
Categories: RAMMap Tags:

Some thoughts about System Center 2012 R2

October 28th, 2013 No comments

imageAs I’m sure everyone is aware, last week we released System Center 2012 R2. With this new release, I thought it would be a good idea to call attention to a great article written by Steve Bucci, one of our top Senior Support Escalation Engineers here on our System Center team. He wrote the article back in February of this year and it talks about how System Center is a team of products, and how it’s important to remember that all these separate components were designed to work better together. To borrow a phrase from Aristotle, it’s one of those things where the whole is greater than the sum of the parts. Steve’s article brings up points that you may want to reconsider with the release of System Center 2012 R2 so if you get a free minute sometime this week I’d invite you to give it a quick read.

System Center Assemble! Create your team of heroes with System Center 2012 SP1

J.C. Hornbeck | Solution Asset PM | Microsoft GBS Management and Security Division

Get the latest System Center news on Facebook and Twitter:

clip_image001 clip_image002

System Center All Up: http://blogs.technet.com/b/systemcenter/
System Center – Configuration Manager Support Team blog: http://blogs.technet.com/configurationmgr/
System Center – Data Protection Manager Team blog: http://blogs.technet.com/dpm/
System Center – Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
System Center – Operations Manager Team blog: http://blogs.technet.com/momteam/
System Center – Service Manager Team blog: http://blogs.technet.com/b/servicemanager
System Center – Virtual Machine Manager Team blog: http://blogs.technet.com/scvmm

Windows Intune: http://blogs.technet.com/b/windowsintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
The AD RMS blog: http://blogs.technet.com/b/rmssupp/

App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv

The Forefront Endpoint Protection blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/

Categories: Uncategorized Tags:

Our protection metrics – September results

October 26th, 2013 No comments

Earlier this year, we started publishing a new set of metrics on our portal – An evaluation of our protection performance and capabilities. These metrics show month over month how we do in three areas: coverage, quality, and customer experience in protecting our customers.

And, since we started to publish the results on this page, I’ve had many great conversations with customers and partners alike, discussing what the results mean for their organization and their protections. In this post, I want to cover some of the most common taxonomy questions I was asked during those conversations and also discuss the results for September 2013.

First, let’s dive into what the terms we use really mean:

  1. Coverage – the infection metric

    This is how we measure threat misses and infections. If we block a threat, that means we’ve protected our customers as expected and that’s a win. Misses and infections show up as a red dot and the bar chart in red.

    Misses are threats we had early warning detections on (non-blocking detection), but by the time we determined it to be a threat, the threat had either disappeared or changed into a different file on the computer.

    Infections are threats we detected and then had to remediate (instead of a block). We call these active because, according to our telemetry, they appeared to have some active running component when we detected them. On the positive side, our real-time protection detected and worked to remove the active threat. We continue to work on methods to determine the ways in which threats become active, for example, through vulnerability exploits, through another program that drops the malware, or through credential-based attacks so that we can further address these active threats and provide actionable information to customers about how to protect themselves.

    Here’s why that’s important. Many threats, like Conficker, show up as active because the threat uses passwords or exploits that were effective in compromising the system for a very brief moment in time. For example, 85% of Conficker infections on Windows 7 happen through credential-based attacks (read more about this Conficker case in SIRv12). When we detect a Conficker infection that was delivered this way (which happens immediately), we identify it as active because it was written by a system process compromised through a credential-based attack.

  2. Quality – Incorrect detections

    Incorrect detections happen when antimalware products incorrectly flag and misclassify a file as malware or unwanted software. The yellow dot and the other bar chart represent incorrect detections. In any given month, only an extremely small number of programs are incorrectly detected. In most months in 2013, for example, only 1 in a million customers experienced an incorrect detection – the percent of customers with incorrect detections was less than three zeros to the right of the decimal (<0.0001%).

  3. Customer experience

    With this criteria, we measure the performance implications of antimalware on the day-to-day activities that a person might perform – such as opening an application, browsing the web, downloading files, and playing games and multimedia. Latency perceptible by a human tends to land within the 50 to 100 millisecond range. In most months, most activities stay under 100 milliseconds latency. This is the second graphic on our results page and it shows the customer experience when running the latest version of Windows Defender on the latest version of Windows 8. September’s measurement reflects Windows 8.1.

To sum it up, the two graphics on our results page highlight the findings for coverage, quality, and customer experience (in terms of system performance). The first graphic shows protection coverage and quality for Microsoft’s real-time protection products that cover home, small business, and enterprise, which represent approximately 150 million endpoints. The second graphic shows the performance implications when running the latest version of Windows Defender on the latest version of Windows 8. There is a great whitepaper that provides additional insights at this link.

And finally, let’s talk about the September 2013 results:

  1. Coverage and top infections – September 2013

    In September, 0.17% of our customers encountered a miss (0.03%) or an infection (0.14%). This infection number was uncharacteristically high because of the resurgence of an old threat we currently call Sefnit. 44% of the active detections for the month were related to this Sefnit family. That’s a very large percentage – on normal months, no one family represents more than 6% of active infections. As we investigated the threat, we noticed that the distributors of Sefnit were using some sneaky techniques to infect computers, including using installer programs that install legitimate software but occasionally install legitimate software with bonus material (Sefnit). Sefnit distributors are also modifying the appearance of components, such as sometimes using an obfuscator and then sometimes not.

  2. Incorrect detections – September 2013

    This month, only 0.00025% customers were impacted due to incorrect detections. This percentage was slightly above average. The driver for the slightly above average impact was due to an incorrect detection on a 2009 version of the Microsoft Malicious Software Removal Tool.

  3. Customer experience – September 2013

    We consistently provide great performance for our customers using Microsoft antimalware products. In September 2013, the results have been consistent with the 50 to 100 milliseconds range.

Our goal is to provide great antimalware solutions for our consumer and business customers. I hope this blog demonstrates how committed we are in raising the bar for ourselves and others in the industry for doing so. We’re monitoring our results, performance, and progress closely, prioritizing for real threats that might affect our customers and applying lessons learned to make our products even better. Plus, we support antimalware partners in order to build a strong and diverse ecosystem to fight malware – the true adversary.

Holly Stewart, Senior Program Management Lead, MMPC

Categories: Uncategorized Tags:

Our protection metrics – September results

October 26th, 2013 No comments

Earlier this year, we started publishing a new set of metrics on our portal – An evaluation of our protection performance and capabilities. These metrics show month over month how we do in three areas: coverage, quality, and customer experience in protecting our customers.

And, since we started to publish the results on this page, I’ve had many great conversations with customers and partners alike, discussing what the results mean for their organization and their protections. In this post, I want to cover some of the most common taxonomy questions I was asked during those conversations and also discuss the results for September 2013.

First, let’s dive into what the terms we use really mean:

  1. Coverage – the infection metric

    This is how we measure threat misses and infections. If we block a threat, that means we’ve protected our customers as expected and that’s a win. Misses and infections show up as a red dot and the bar chart in red.

    Misses are threats we had early warning detections on (non-blocking detection), but by the time we determined it to be a threat, the threat had either disappeared or changed into a different file on the computer.

    Infections are threats we detected and then had to remediate (instead of a block). We call these active because, according to our telemetry, they appeared to have some active running component when we detected them. On the positive side, our real-time protection detected and worked to remove the active threat. We continue to work on methods to determine the ways in which threats become active, for example, through vulnerability exploits, through another program that drops the malware, or through credential-based attacks so that we can further address these active threats and provide actionable information to customers about how to protect themselves.

    Here’s why that’s important. Many threats, like Conficker, show up as active because the threat uses passwords or exploits that were effective in compromising the system for a very brief moment in time. For example, 85% of Conficker infections on Windows 7 happen through credential-based attacks (read more about this Conficker case in SIRv12). When we detect a Conficker infection that was delivered this way (which happens immediately), we identify it as active because it was written by a system process compromised through a credential-based attack.

  2. Quality – Incorrect detections

    Incorrect detections happen when antimalware products incorrectly flag and misclassify a file as malware or unwanted software. The yellow dot and the other bar chart represent incorrect detections. In any given month, only an extremely small number of programs are incorrectly detected. In most months in 2013, for example, only 1 in a million customers experienced an incorrect detection – the percent of customers with incorrect detections was less than three zeros to the right of the decimal (<0.0001%).

  3. Customer experience

    With this criteria, we measure the performance implications of antimalware on the day-to-day activities that a person might perform – such as opening an application, browsing the web, downloading files, and playing games and multimedia. Latency perceptible by a human tends to land within the 50 to 100 millisecond range. In most months, most activities stay under 100 milliseconds latency. This is the second graphic on our results page and it shows the customer experience when running the latest version of Windows Defender on the latest version of Windows 8. September’s measurement reflects Windows 8.1.

To sum it up, the two graphics on our results page highlight the findings for coverage, quality, and customer experience (in terms of system performance). The first graphic shows protection coverage and quality for Microsoft’s real-time protection products that cover home, small business, and enterprise, which represent approximately 150 million endpoints. The second graphic shows the performance implications when running the latest version of Windows Defender on the latest version of Windows 8. There is a great whitepaper that provides additional insights at this link.

And finally, let’s talk about the September 2013 results:

  1. Coverage and top infections – September 2013

    In September, 0.17% of our customers encountered a miss (0.03%) or an infection (0.14%). This infection number was uncharacteristically high because of the resurgence of an old threat we currently call Sefnit. 44% of the active detections for the month were related to this Sefnit family. That’s a very large percentage – on normal months, no one family represents more than 6% of active infections. As we investigated the threat, we noticed that the distributors of Sefnit were using some sneaky techniques to infect computers, including using installer programs that install legitimate software but occasionally install legitimate software with bonus material (Sefnit). Sefnit distributors are also modifying the appearance of components, such as sometimes using an obfuscator and then sometimes not.

  2. Incorrect detections – September 2013

    This month, only 0.00025% customers were impacted due to incorrect detections. This percentage was slightly above average. The driver for the slightly above average impact was due to an incorrect detection on a 2009 version of the Microsoft Malicious Software Removal Tool.

  3. Customer experience – September 2013

    We consistently provide great performance for our customers using Microsoft antimalware products. In September 2013, the results have been consistent with the 50 to 100 milliseconds range.

Our goal is to provide great antimalware solutions for our consumer and business customers. I hope this blog demonstrates how committed we are in raising the bar for ourselves and others in the industry for doing so. We’re monitoring our results, performance, and progress closely, prioritizing for real threats that might affect our customers and applying lessons learned to make our products even better. Plus, we support antimalware partners in order to build a strong and diverse ecosystem to fight malware – the true adversary.

Holly Stewart, Senior Program Management Lead, MMPC

Categories: Uncategorized Tags:

Introduction: Chris Betz, new head of MSRC

October 25th, 2013 No comments

By way of introduction, I am Chris Betz, the leader of the Microsoft Security Response Center (MSRC). I’m stepping in to fill the shoes of Mike Reavey, who has moved on to become the General Manager of Secure Operations, still within Trustworthy Computing.

Since joining the MSRC, I’ve spent time immersed in learning the business, meeting our global team of security research and response professionals and many of the other teams we frequently interact with here at Microsoft. That’s no small undertaking, as the MSRC identifies, monitors, resolves and responds to security incidents, ranging from cyber-attacks to vulnerability remediation. We respond to thousands of customer emails a year, and understanding our customers’ concerns and staying at the forefront of security is at the heart of my job. I’ve been impressed by the dedication, passion, and capability of the professionals who make it their personal mission to help protect our 1 billion global customers.

Before coming to Microsoft, I led information security practices at Columbia Broadcasting System (CBS).  Responsible for the security of our enterprise, my team and I were directly involved in implementing the technology and following the guidance in MSRC’s bulletins, blog posts and advisories.  I am very familiar with how the MSRC’s work affects, impacts and involves customers, security researchers, consultants and IT pros – and I’ve worked with the MSRC in several of those capacities through my career.  I’ve relied on information from the MSRC to make effective business decisions to protect our networks and, as an occasional security researcher, I’ve found technical analysis like that in the SRD Blog, to be accurate and informative.

As the new head of the MSRC, it’s my goal to continue Microsoft’s tradition of doing what’s necessary to help protect our customers. The MSRC has recently announced its progress report and MAPP expansions,  winners of its bounty program and it marked a 10-year milestone of Update Tuesdays.  I’m proud to be working here and involved in guiding the future of these and other programs.  One of the reasons I love security and technology is that it is constantly evolving – there is always room for us to improve, evolve and change as the landscape we operate within changes and I’m excited to usher in the next generation of the MSRC. 

I hope you’ll share my excitement as we continue on this journey together, helping secure our customers and the systems and devices they depend on.

Thanks,

Chris Betz
Senior Director
Microsoft Security Response Center

Categories: Uncategorized Tags:

Introduction: Chris Betz, new head of MSRC

October 25th, 2013 No comments

By way of introduction, I am Chris Betz, the leader of the Microsoft Security Response Center (MSRC). I’m stepping in to fill the shoes of Mike Reavey, who has moved on to become the General Manager of Secure Operations, still within Trustworthy Computing.

Since joining the MSRC, I’ve spent time immersed in learning the business, meeting our global team of security research and response professionals and many of the other teams we frequently interact with here at Microsoft. That’s no small undertaking, as the MSRC identifies, monitors, resolves and responds to security incidents, ranging from cyber-attacks to vulnerability remediation. We respond to thousands of customer emails a year, and understanding our customers’ concerns and staying at the forefront of security is at the heart of my job. I’ve been impressed by the dedication, passion, and capability of the professionals who make it their personal mission to help protect our 1 billion global customers.

Before coming to Microsoft, I led information security practices at Columbia Broadcasting System (CBS).  Responsible for the security of our enterprise, my team and I were directly involved in implementing the technology and following the guidance in MSRC’s bulletins, blog posts and advisories.  I am very familiar with how the MSRC’s work affects, impacts and involves customers, security researchers, consultants and IT pros – and I’ve worked with the MSRC in several of those capacities through my career.  I’ve relied on information from the MSRC to make effective business decisions to protect our networks and, as an occasional security researcher, I’ve found technical analysis like that in the SRD Blog, to be accurate and informative.

As the new head of the MSRC, it’s my goal to continue Microsoft’s tradition of doing what’s necessary to help protect our customers. The MSRC has recently announced its progress report and MAPP expansions,  winners of its bounty program and it marked a 10-year milestone of Update Tuesdays.  I’m proud to be working here and involved in guiding the future of these and other programs.  One of the reasons I love security and technology is that it is constantly evolving – there is always room for us to improve, evolve and change as the landscape we operate within changes and I’m excited to usher in the next generation of the MSRC. 

I hope you’ll share my excitement as we continue on this journey together, helping secure our customers and the systems and devices they depend on.

Thanks,

Chris Betz
Senior Director
Microsoft Security Response Center

Categories: Uncategorized Tags: