Skip to main content
Microsoft Security

Tim Rains Posts

Tim Rains
Published
1 minute read

Microsoft Interflow: a new Security and Threat Information Exchange Platform 

<p>Today, the Microsoft Security Response Center (MSRC) announced the private preview of <a href="http://www.microsoft.com/interflow">Microsoft Interflow</a>. This is a security and threat information exchange platform for cybersecurity analysts and researchers.</p> <p>Interflow provides an automated machine-readable feed of threat and security information that can be shared across industries and community groups in near real-time. This platform provides this information using open specifications <a href="http://stix.mitre.org/">STIX™ (Structured Threat Information eXpression), </a><a href="http://taxii.mitre.org/">TAXII™ (Trusted Automated eXchange of Indicator Information), </a>and<a href="http://cybox.mitre.org/"> CybOX™ (Cyber Observable eXpression standards). </a>This enables Interflow to integrate with existing operational and analytical tools that many organizations use through a plug-in architecture. It has the potential to help reduce the cost of defense by automating processes that are currently performed manually. </p> <p>You can get more information on Microsoft Interflow on the <a href="/b/msrc/archive/2014/06/23/announcing-microsoft-interflow.aspx">MSRC blog</a>, and as well as in this <a href="http://technet.microsoft.com/en-us/security/dn726547">FAQ</a> and at <a href="http://www.microsoft.com/interflow">www.microsoft.com/interflow</a>.</p>

When Vulnerabilities are Exploited: the Timing of First Known Exploits for Remote Code Execution Vulnerabilities 

<p>One of the questions I get asked from time to time is about the days of risk between the time that a vulnerability is disclosed and when we first see active exploitation of it; i.e. how long do organizations have to deploy the update before active attacks are going to happen?  Trustworthy Computing’s <a href="http://www.microsoft.com/security/msec.aspx">Security Science </a>team published new data that helps put the timing of exploitation into perspective, in the recently released <a href="http://www.microsoft.com/sir">Microsoft Security Intelligence Report volume 16</a>.</p> <p>The Security Science team studied exploits that emerged for the most severe vulnerabilities in Microsoft software between 2006 and 2013. The exploits studied were for vulnerabilities that enable remote code execution. The timing of the release of the first known exploit for each remote code execution vulnerability was examined and the results were put into three groups. <a href="/b/security/archive/2014/06/16/when-vulnerabilities-are-exploited-the-timing-of-first-known-exploits-for-remote-code-execution-vulnerabilities.aspx">Read more</a></p>

Published
1 minute read

New Guidance for Securing Public Key Infrastructure 

<p>Public Key Infrastructure (PKI) is used as a building block to provide key security controls, such as data protection and authentication for organizations. Many organizations operate their own PKI to support things like remote access, network authentication and securing communications.</p> <p>The threat of compromise to IT infrastructures from attacks is evolving. The motivations behind these attacks are varied, and compromising an organization’s PKI can significantly help an attacker gain access to the sensitive data and systems they are after.</p> <p>To help enterprises design PKI and protect it from emerging threats, Microsoft IT has released a detailed technical reference document - “<strong><a href="/controlpanel/blogs/posteditor.aspx/<strong>http:/aka.ms/securingpkidl</strong>">Securing Public Key Infrastructure</a></strong>.” <a href="/b/security/archive/2014/06/11/new-guidance-for-securing-public-key-infrastructure.aspx">Read more</a></p>

New Microsoft Threat Modeling Tool 2014 Now Available 

<p>Today we’re announcing the release of the <strong><a href="http://download.microsoft.com/download/3/8/0/3800050D-2BE7-4222-8B22-AF91D073C4FA/MSThreatModelingTool2014.msi">Microsoft Threat Modeling Tool 2014</a></strong>. This is the latest version of the free <a href="/b/security/archive/2012/08/23/microsoft-s-free-security-tools-threat-modeling.aspx">Security Development Lifecycle Threat Modeling Tool </a>that was previously released back in 2011.</p> <p>More and more of the customers I have been talking to have been leveraging threat modeling as a systematic way to find design-level security and privacy weaknesses in systems they are building and operating. Threat modeling is also used to help identify mitigations that can reduce the overall risk to a system and the data it processes. Once customers try threat modeling, they typically find it to be a useful addition to their approach to risk management.  </p> <p>We have been threat modeling at Microsoft for more than 10 years. It is a key piece of the design phase of the <a href="http://www.microsoft.com/security/sdl/default.aspx">Microsoft Security Development Lifecycle </a>(SDL).  In 2011 we released the SDL Threat Modeling Tool, free of charge, to make it easier for customers and partners to threat model as part of their software development processes. The tool has been very popular and we have received a lot of positive customer feedback in addition to suggestions for improvement. <a href="/b/security/archive/2014/04/15/new-microsoft-threat-modeling-tool-2014-now-available.aspx">Read more</a></p>

The Risk of Running Windows XP After Support Ends April 2014 

<p>Back in April I published a post about the end of support for Windows XP called <a href="/b/security/archive/2013/04/09/the-countdown-begins-support-for-windows-xp-ends-on-april-8-2014.aspx">The Countdown Begins: Support for Windows XP Ends on April 8, 2014</a>.  Since then, many of the customers I have talked to have moved, or are in the process of moving,  their organizations from Windows XP to modern operating systems like Windows 7 or Windows 8.</p> <p>There is a sense of urgency because after April 8, Windows XP Service Pack 3 (SP3) customers will no longer receive new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates.  This means that any new vulnerabilities discovered in Windows XP after its “end of life” will not be addressed by new security updates from Microsoft.  Still, I have talked to some customers who, for one reason or another, will not have completely migrated from Windows XP before April 8.  I have even talked to some customers that say they won’t migrate from Windows XP until the hardware it’s running on fails.</p> <p>What is the risk of continuing to run Windows XP after its end of support date?  One risk is that attackers will have the advantage over defenders who choose to run Windows XP because attackers will likely have more information about vulnerabilities in Windows XP than defenders. Let me explain why this will be the case. <a href="/b/security/archive/2013/08/06/the-risk-of-running-windows-xp-after-support-ends.aspx">Read more.</a></p>

Microsoft’s Free Security Tools – Microsoft Assessment and Planning (MAP) Toolkit 

<p>This article in our<a href="https://blogs.technet.com/b/security/archive/2012/10/04/microsoft-s-free-security-tools-summary.aspx?Redirected=true"> free security tools series</a> focuses on the benefits of the <a href="http://technet.microsoft.com/en-us/security/jj657553">Microsoft Assessment and Planning Toolkit</a>.  If you are an IT Professional then you know platform migrations can be a daunting task.  Depending on your organization’s size, complexity and maturity, simply understanding your organization’s IT state and migration potential can take hours, days and sometimes even months.  To help ease the migration process, Microsoft has created the Microsoft Assessment and Planning (MAP) Toolkit.  The MAP Toolkit is a powerful inventory, assessment and reporting tool that can securely assess IT environments for various platform migrations.   The toolkit is designed to run in any organization regardless of size and is effective at helping to accelerate PC, server, database and cloud migration planning across heterogeneous environments.  It also provides tailored assessment proposals and recommendations, and helps gain efficiencies through multiple technology migration assessments with a single tool. </p>

Published
3 min read

Microsoft’s Free Security Tools – URLScan Security Tool 

One of the best ways to keep potentially malicious Internet traffic from attacking your Internet Information Services (IIS) Web server is to keep it from getting to the Web server service.  To help protect users from malicious webpages, Microsoft and other browser vendors have developed filters that keep track of sites that host malware and phishing attacks and display prominent warnings when users try to navigate to them

Microsoft Free Security Tools – Microsoft Baseline Security Analyzer 

<p>This article in our <a href="/b/security/archive/2012/07/31/microsoft-s-free-security-tools-series-introduction.aspx">series</a> on Microsoft’s free security tools is focused on a tool called the <a href="http://www.microsoft.com/en-us/download/details.aspx?id=7558">Microsoft Baseline Security Analyzer</a> (MBSA).  Many years ago before Windows Update was available, servicing software was much more painful than it is today.  Microsoft released security updates weekly, and there were few deployment technologies available to help determine which systems needed which updates.  I wrote an <a href="/b/security/archive/2012/03/26/trustworthy-computing-learning-about-threats-for-over-10-years-part-6.aspx">article on this topic</a> if you are interested in a walk down memory lane.  For those IT administrators that lived through those days, the MBSA was a godsend.  Today, 10 years later, the MBSA is still a free security tool that many, many IT Professionals use to help manage the security of their environments. </p>

Microsoft’s Free Security Tools – Summary 

<p>In July, we kicked off a blog series focused on "<a href="/b/security/archive/2012/07/31/microsoft-s-free-security-tools-series-introduction.aspx">Microsoft's Free Security Tools</a>."  The series highlights free security tools that Microsoft provides to help make IT professionals' and developers' lives easier.  A good tool can save a lot of work and time for those people responsible for developing and managing software. In the series we discuss many of the benefits each tool can provide and include step by step guidance on how to use each.  Below is a summary of the tools covered in the series and a brief overview of each.</p>

Microsoft’s Free Security Tools – Portqry 

<p>This article in our <a href="/b/security/archive/2012/07/31/microsoft-s-free-security-tools-series-introduction.aspx">series</a> focused on Microsoft’s free security tools is on a tool called <strong>Portqry</strong>.  This tool is a TCP/IP connectivity test tool, port scanner, and local port monitor.  Portqry is useful for troubleshooting networking issues as well as verifying network security related configurations.  Because of this broad functionality, I have heard some Information Technology (IT) Professionals refer to this tool as a “Swiss army knife” of tools.</p>