MS08-067: Example of Need for Increased Collaboration


Handle:
Cap'n Steve

IRL:
Steve Adegbite

Rank:
Senior Security Program Manager Lead

Likes:
Reverse Engineering an obscene amount of code and ripping it up on a snowboard

Dislikes:
Not much but if you hear me growl…run

You've probably heard that we released an out-of-band Security Bulletin for a vulnerability in Windows (MS08-067).  By now you have probably also heard of the Microsoft Active Protections Program (MAPP). Let me take a moment to talk to you about how they worked in concert for this issue.  As announced at Black Hat in August, prior to release of the monthly security updates, MAPP members receive technical details on vulnerabilities in order to speed the development of protections.  Due to the unique threat from this vulnerability and because the issue was released out-of-band, we decided to not only share the information in advance but to also make our security engineers behind the SVRD Blog available for questions with MAPP partners.

During this meeting, we outlined technical details on this update and allowed for more in-depth questions on the information provided. We did this to ensure full understanding of the issue so that timely protections could be provided. We are happy to say it worked nicely, and that most MAPP partners had protections out shortly after the bulletin published and the rest should have their protection available by end of day.  If you have questions about which partners have protection, see the links to their pages here.

This is a great example of the kind of community-based defense we discussed at Black Hat and I’m pleased to see us working together to collaboratively protect the ecosystem.

For more information about this release see the MSRC Blog here: https://blogs.technet.com/msrc/default.aspx

Steve “Capt Steve” Adegbite

*Postings are provided "AS IS" with no warranties, and confers no rights.*