Entries Categorized as 'Microsoft Security'
by Neil MacDonald | January 21, 2011 | Comments Off
In my kick off post for 2011, I talked about the need for IT to expand the depth and breadth of patching. In the follow-on post, I talked about the need to migrate more users to run with standard user (and not administrative level) privileges. One of the challenges to both of these actions is [...]
Category: Application Security Information Security Microsoft Microsoft Security Windows 7 Tags: Application Security, Best Practices, Browser Security, Information Security, Microsoft, Microsoft Security, Windows
by Neil MacDonald | November 15, 2010 | Comments Off
I’m here this week in San Diego at Gartner’s Identity and Access Management Summit. I’ve been associated with Gartner’s identity-related research from 1995 when I joined Gartner to cover Novell and directory services. I’ve atached identity change over the past 15 years. Directory services evolved into metadirectories which evolved into user provisioning which has evolved [...]
Category: Cloud Security Information Security Microsoft Security Virtualization Security Tags: Adaptive Security Infrastucture, Cloud Security, Information Security, Microsoft Security, Next-generation Security Infrastructure, Virtualization Security
by Neil MacDonald | September 24, 2010 | Comments Off
Microsoft Security Essentials (MSE) is a free consumer offering originally delivered to market in 2009 based on the same engine and anti-malware feeds that are used within Microsoft’s for-fee enterprise-oriented Forefront Endpoint Protection (FEP). I saw this announcement from Microsoft earlier in the week. From the announcement: For this reason, Microsoft is announcing that beginning [...]
Category: Endpoint Protection Platform Microsoft Microsoft Security Tags: Endpoint Protection Platform, Microsoft, Microsoft Security, Reducing Cost, Windows
by Neil MacDonald | September 22, 2010 | 11 Comments
Migrating from IE6 to IE8 is not easy because of legacy web-enabled applications that don’t render correctly on IE8 and vendors that are slow to officially support it. There are a variety of ways to virtualize IE6 to help with this issue, including using application virtualization tools. I originally wrote about the potential issues using [...]
Category: Microsoft Microsoft Security Virtualization Tags: Microsoft, Microsoft Security, Virtualization, Windows
by Neil MacDonald | July 21, 2010 | Comments Off
Just because Microsoft stopped providing security patches for Windows 2000 last week, don’t assume that it can’t continue to be used securely in your environment. One option is to pay Microsoft $50,000 per quarter ($200,000 per year) for a Custom Support Agreement (CSA) for continued access to critical Windows 2000 patches. A lower-cost alternative program [...]
Category: Information Security Microsoft Security Tags: Information Security, Microsoft Security, Windows
by Neil MacDonald | March 10, 2010 | Comments Off
After yesterday’s patch Tuesday release, Microsoft also released this security bulletin affecting IE6 and IE7 (but not IE8). Similar zero day attacks on IE6 made headlines earlier this year when Google and other organizations were attacked and intellectual property stolen. With this latest zero-day, Microsoft reports that targeted attacks have been observed in the wild. [...]
Category: Application Security Endpoint Protection Platform Information Security Microsoft Security Tags: Browser Security, Microsoft, Microsoft Security, Windows
by Neil MacDonald | March 9, 2010 | Comments Off
I thought MS10-015 would be interesting. Microsoft had to stop distributing the patch because machines that were infected with a specific rootkit were blue-screening after application of the patch. Microsoft resumed distribution of the patch last week (2 March 2010). Now, the patch process looks to see if your machine is infected before applying the [...]
Category: Endpoint Protection Platform Information Security Microsoft Security Tags: Microsoft, Microsoft Security, Windows
by Neil MacDonald | February 11, 2010 | 6 Comments
In my post yesterday on MS10-015, I discussed a troublesome kernel-level vulnerability that affects most versions of Windows. Most of you will remember that Hyper-V’s parent partition is based on a slimmed down version of Windows called “Server Core”. Hmmm, could it be that the parent partition is affected? Yup, it’s affected. Don’t let the [...]
Category: Microsoft Security Virtualization Security Tags: Hyper-V, Hypervisor Security, Microsoft, Microsoft Security, Virtualization Security
by Neil MacDonald | February 10, 2010 | 1 Comment
13 bulletins were released Tuesday as part of Microsoft’s regularly scheduled monthly security update cycle – five rated Critical, seven rated Important and one rated Moderate – to address 26 vulnerabilities in Windows and Microsoft Office. There are many vulnerabilities in this set that organizations should be aware of, but it was one of the [...]
Category: Microsoft Security Tags: Microsoft, Microsoft Security, Windows
by Neil MacDonald | January 29, 2010 | 4 Comments
Get off of Internet Explore version 6. Now. IE6 has become an anchor (and a security risk). For Gartner clients, we’ve been advising this since October 2006. In blogging, I’ve said it here and most recently, here again. However, in reality, the move is easier said than done. Here’s what I said in this research [...]
Category: Beyond Anti-Virus Microsoft Security Tags: Best Practices, Microsoft, Microsoft Security, Windows
