Microsoft has made available for download a new security tool designed to assess the attack surface of Windows operating systems.

As Windows platforms are being used, a variety of changes are introduced, more often than not, increasing the risk of attacks.

One scenario illustrative of this involves the installation of new software. Applications deployed on top of Windows manage not only to add extra functionality and capabilities that customers need, but also to introduce changes, some of which could represent security liabilities, or even be exploitable vulnerabilities.

This is why the Redmond company decided to share with the world an internal tool designed to catalog changes introduced to the Windows platform by new software being installed. More »

Microsoft has wrapped up 2010 with a real bang as far as the volume of security vulnerabilities goes.

The company released no less than 17 security bulletins in December 2010, patching no less than 40 vulnerabilities.

However, just a couple of the patch packages are rated Critical, which means that the security holes they’re designed to plug can allow attackers to execute code remotely on a vulnerable computer and gain control over the machine.

The updates resolve security flaws in a range of products, including Office, Windows, Internet Explorer, SharePoint Server and Exchange.

Jerry Bryant, group manager, response communications, Microsoft was kind enough to provide a complete list with all the security bulletins issued by the software giant this month, which customers will be able to find below. More »

Microsoft Network Monitor

Microsoft Network Monitor is a network protocol analyzer that lets you capture, view, and analyze network traffic. Version 3.3 of Network Monitor is available in 32- and 64-bit versions. Download it now.

Microsoft Baseline Security Analyzer

The Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed to help administrators of small and medium-sized businesses ensure that their Windows-based computers are secure. You can use MBSA to determine the security state of your computers in accordance with Microsoft security recommendations. MBSA also offers specific remedia¬tion guidance for security problems it detects, such as misconfigurations and missing security updates.

At the time of writing this, the current version was MBSA 2.1. This version is available in 32- and 64-bit versions, but it does not install on Windows 7. A new version that supports Windows 7 is due to be released sometime in the future. You can download the current version and get information regarding the a version for Windows 7 at microsoft.com/mbsa/.

More »

Despite being different releases associated with the evolution of the Windows client, Windows XP and Windows Vista share not only common elements and components through their architecture, starting with the kernel, but also flaws in the source code.

In this context, the Service Pack 1 and respectively Service Pack 3 refreshes for the two operating systems have done nothing to break the intimate connection between the two products. An illustrative example in this situation are the new Critical updates Microsoft is wrapping up for the 32-bit and 64-bit Vista SP1 and XP SP3, designed to patch security vulnerabilities in the two operating systems.

Next week, on September 9, 2008, Microsoft will make available three security bulletins impacting both the latest service packs for Vista and XP. According to the Redmond giant, the updates will patch vulnerabilities in Windows Media Player 11, Windows Media Encoder 9 Series, and Windows itself. More »

Microsoft has yet to finish with the delivery process of Windows Vista SP1, and the company is already hammering away at the service pack plugging security holes. According to the Redmond company, Vista SP1 is affected by multiple vulnerabilities that will be addressed with April’s security bulletin releases, scheduled to be issued on April 8, 2008. Out of the total of eight security bulletins planned of the coming week, no less than six impact various editions of the Windows operating system, and Vista SP1 did not manage to escape unscathed.

“As part of our regularly scheduled bulletin release, we’re currently planning to release five Microsoft Security Bulletins rated Critical and three that are rated as Important. These updates may require a restart and will be detectable using the Microsoft Baseline Security Analyzer. As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated. More »