Friday 28 December 2007

New MS Blog: Security Vulnerability Research & Defense

A new blog to add to the RSS readers: The blog will discuss "more in-depth technical information about vulnerabilities serviced by MSRC security updates and ways you can protect your organization from security vulnerabilities."

From the About:
Launched in 2007, the Security Vulnerability Research & Defense blog’s intent is to provide more information about Microsoft vulnerabilities, mitigations and workarounds, and active attacks. During Microsoft’s technical investigation of security issues, information is discovered that we feel is important to share. Some examples include:
  • Workarounds are not 100% effective in every situation, every attack vector
  • Workarounds that are specific to a particular attack
  • Super complicated workarounds that work but cannot be recommended to all customers
  • Interesting mitigations that might not be present in all cases
  • “Best Practices” type guidance that applies to a particular vulnerability
  • Group policy deployment guidance
  • “Interesting” facts about a vulnerability Microsoft is fixing that will help customers learn more about Windows, the security infrastructure, or the way we conduct security investigations
  • Debugging techniques and information on how to triage security vulnerabilities
  • Overview of some of the challenges that we face when fixing specific security bugs
As always, security bulletins or security advisories are the ultimate authority but we’ll try to include juicy spill-over technical stuff in the SWI blog.
This is definitely one for the reader!

Via the Micrsoft Exchange Team Blog.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

No comments: