LAS VEGAS Black Hat USA Microsoft yesterday launched a program to help third-party Windows application vendors fix security flaws in their software. Under the new Microsoft Vulnerability Research (MSVR) program, Microsoft will share with those vendors vulnerabilities discovered by Microsoft researchers or outside researchers in these third-party products.
The program reflects the shift in attack trends, with more exploits going after these third-party Windows apps, he says: Over 80 percent of exploits affecting XP systems are against third-party Windows apps, and over 90 percent affecting Vista systems are aimed at third-party Windows apps, according to Reavey.
Microsofts security experts find these vulnerabilities in third-party apps while working on their own research, or during the Security Development Lifecycle process. Reavey says a good example of how the MSVR process would work is the recent Apple Safari and Windows blended threat, which was initially discovered by an outside researcher who reported it to Microsoft: We were able to work with Apple to resolve it.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.