Microsoft Touts Edge in Online Security

August 5, 2008

At the Black Hat USA 2008 conference, Microsoft introduced security-related programs that share early information with partners to help them protect customers quickly and effectively. The new programs also provide additional information and guidance to help customers evaluate risks and prioritize the deployment of Microsoft security updates.

Along with the predictability of Microsoft’s monthly security update process is the emergence of an undesirable cycle — the release of exploit code, related to those updates, sometimes within hours of release. Understanding this changing threat environment, Microsoft will offer the Microsoft Active Protections Program (MAPP), which gives security software providers advance information about vulnerabilities addressed by Microsoft security updates. This will allow security software providers to offer protections to customers quickly and effectively.

In addition, as part of the company’s ongoing effort to improve its guidance for customers, Microsoft announced its new Exploitability Index. Developed based on customer feedback, the Exploitability Index will provide customers with guidance on the likelihood of functional exploits being developed for vulnerabilities addressed by Microsoft security updates. This additional information helps customers better assess their unique risks and better prioritize deployment of the monthly security update. The Exploitability Index will be included as part of Microsoft’s monthly security bulletin release.

“The introduction of these new programs helps address evolving online threats and provides more practical guidance to assess and manage risk,” said Andrew Cushman, director of security response and outreach at Microsoft. “In the race between exploit and protection, Microsoft is committed to shifting the advantage to the security industry. The Microsoft Active Protections Program gives security software providers the information and resources they need to help better protect customers.”

By investing in technology innovations, industry partnerships and customer guidance, Microsoft continues to seek ways to put organizations in control of their computing environments and help address online security.

“As security threats become more sophisticated, the global security community must combine its resources and work together to provide maximum security protections to worldwide Internet users,” said George Stathakopoulos, general manager of security engineering and communications at Microsoft. “No one organization can counter online attacks alone. Therefore, we must use the combined strength of the industry, partners, customers and public organizations to build a more secure environment for everyone.”