New Microsoft Program Helps Fix Third-Party Vulnerabilities

Microsoft to officially share with Windows third-party app vendors flaws it finds in their software

LAS VEGAS – Black Hat USA – Microsoft yesterday launched a program to help third-party Windows application vendors fix security flaws in their software. Under the new Microsoft Vulnerability Research (MSVR) program, Microsoft will share with those vendors vulnerabilities discovered by Microsoft researchers or outside researchers in these third-party products.

“We are extending security [research and resolution] to the Windows ecosystem,” says Mike Reavey, group manager for the Microsoft Security Response Center. “We wanted to formalize how we report to these vendors to share and leverage” Microsoft’s security resources. The program reflects the shift in attack trends, with more exploits going after these third-party Windows apps, he says: Over 80 percent of exploits affecting XP systems are against third-party Windows apps, and over 90 percent affecting Vista systems are aimed at third-party Windows apps, according to Reavey. Microsoft’s security experts find these vulnerabilities in third-party apps while working on their own research, or during the Security Development Lifecycle process. Reavey says a good example of how the MSVR process would work is the recent Apple Safari and Windows blended threat, which was initially discovered by an outside researcher who reported it to Microsoft: “We were able to work with Apple” to resolve it. With MSVR, when Microsoft finds vulnerability in a third-party application, it would officially report it to the affected vendor and then help the vendor resolve it.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights