Microsoft Active Protections Program (MAPP)

May You Live in Interesting Times

Handle: StoneZ
IRL: Adrian Stone
Rank: Senior Security Program Manager Lead
Likes: Predictive Analytics, Game Theory, Databases, Sports Cars, NFL Football, Direct People
Dislikes: Losing, Liars, Posers, No Talent Clowns

It was two years ago at Black Hat that my colleague Katie Moussouris announced the launch of the Microsoft Vulnerability Research (MSVR) program. Shortly thereafter I …


Community-Based Defense: Looking Outward, Moving Forward

Two years ago, in front of a standing-room-only crowd here at Black Hat, we introduced three new information sharing programs as well as the concept of Community-Based Defense. The underlying concept shared by all three programs was simple: collaboration will be key to preventing and defending against online crime going forward; no one company, individual …


Coordinated Vulnerability Disclosure: Bringing Balance to the Force

Today on the MSRC blog, Matt Thomlinson, General Manager of Trustworthy Computing Security, announced our new philosophy on Coordinated Vulnerability Disclosure. I wanted to provide some context and history on how this came about. This post is about changing the way we at Microsoft talk about some familiar disclosure concepts, and is meant as an introduction …


Security Advisory 983438 Released

Hello. Today we released Security Advisory 983438, addressing a cross-site scripting (XSS) vulnerability in SharePoint Server 2007 and SharePoint Services 3.0 that could allow Elevation of Privilege (EoP) within the SharePoint site itself. Servers are at reduced risk from Internet Explorer 8 clients, as the Internet Explorer 8 XSS filter helps to mitigate the issue …


Out-of-Band Security Bulletin Webcast Q&A – March 30, 2010

Hosts: Adrian Stone, Senior Security Program Manager Lead; Jerry Bryant, Group Manager, Response Communications
Website: TechNet/security
Chat Topic: March 2010 Out-of-Band Security Bulletin
Date: Tuesday, March 30, 2010

Q: CVE-2010-0483, like CVE-2010-0806, is a remote code executable vulnerability with an exploit code that has been published and publicly available since March 1, 2010. …


Out-of-Band Security Bulletin Webcast Q&A – January 21, 2010

Hosts: Adrian Stone, Senior Security Program Manager Lead; Jerry Bryant, Senior Security Communications Manager Lead
Website: TechNet/security
Chat Topic: January 2010 Out-of-Band Security Bulletin
Date: Thursday, January 21, 2010

Q: I understand the severity for workstations. Is the severity lower for servers in terms of this vulnerability, since most servers (except Terminal Servers) …


Microsoft Security Advisory 975191 Released

Hi Everyone, This is Alan Wallace, senior communications manager for our security response communications team. Today, Microsoft released Security Advisory 975191, to provide customer guidance and protection from a vulnerability that could allow remote code execution on affected systems running the FTP service in Microsoft Internet Information Services (IIS) 5.0, 5.1 and 6.0, and connected …
