Vulnerabilities / Threats
7/24/2009
07:04 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Microsoft Unveils Security Tools, Resources At Black Hat

Dealing with the changing threat landscape requires information sharing, Microsoft says, and it has developed software, guidelines, and programs to help make that happen.

At the Black Hat conference in Las Vegas this week, Microsoft plans to provide a progress report on the security initiatives that it launched last summer and to release new security tools and information to support security efforts by its customers and partners.

"There's a race between attackers and defenders and if we want to win, we have to share information," said Mike Reavey, director of the Microsoft Security Response Center.

To help realize that goal, Microsoft plans to release the Microsoft Office Visualization Tool, which provides a graphic visualization of the Office binary file format. The software is intended to help IT professionals and security researchers better understand attacks targeting Office files.

The reason for this is that most malware attacks application vulnerabilities rather than operating system vulnerabilities. In the second half of 2008, said Reavey, almost 90% of the vulnerabilities were in the application stack rather than the operating system.

"In order to build protections, you have to understand how a specific file format is meant to be used, so then you can understand how it's being misused," he said.

Microsoft also plans to release Project Quant, an online information resource that aims to provide organizations with a framework for evaluating the cost of patch management processes. According to a survey conduct as part of the project, nearly 50% of respondents had no patch management process for desktop application software or had an informal process.

In addition, Microsoft intends to release the Microsoft Security Update Guide, a publication that explains the entire Microsoft security update process. "Finding good guidance if you're a customer in the sea of information is challenge," said Reavey. "We wanted to provide a guidebook. By sharing how we manage risk, we hope we can help our customers manage risk."

Finally, Microsoft expects to publish a report titled, "Building a Safer, More Trusted Internet Through Information Sharing," which summarizes the three security programs launched at Black Hat 2008.

The three programs are: Microsoft Active Protections Program (MAPP), which supplies vulnerability information to security partners prior to the release of Microsoft's security patches; the Microsoft Exploitability Index, which aims to quantize the risk of vulnerabilities to aid patch prioritization; and Microsoft Vulnerability Research, which helps third-party vendors make their Windows applications more secure.

MAPP, the report claims, has helped Sourcefire reduce the amount of time it takes to build exploit detection for a vulnerability from an average of eight hours to two hours. The report also notes that the Microsoft Vulnerability Index has proven to be 99% reliable, a sufficiently high rate for Microsoft to declare the program a success. And as for Microsoft Vulnerability Research, the report says that the program has identified software vulnerabilities affecting 32 vendors.

Information sharing, the report concludes, is critical to making the Internet safer.

InformationWeek has published an in-depth report on managing risk. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7830
Published: 2014-11-24
Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse cap...

CVE-2014-7831
Published: 2014-11-24
lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role to access the get_grades web service.

CVE-2014-7832
Published: 2014-11-24
mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by vi...

CVE-2014-7833
Published: 2014-11-24
mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by accessing the database after an edit by a teacher.

CVE-2014-7834
Published: 2014-11-24
mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?