Announcing the 2013 MSRC Progress Report featuring MAPP expansions

  • Article

Over the years, our customers have come to expect a certain regularity and transparency in both our security updates and the guidance that goes with them. One regular piece of communication about our work is a yearly progress report, which provides a look into the program updates and bulletin statistics from the Microsoft Security Response Center (MSRC). Our report covering July 2012 through June 2013 is available, and it provides a great look back over the past year and includes some exciting new program updates that will help enhance customer protections in the years to come. Here’s a few highlights…

Going Behind the Scenes

Over the last 12 months, we released 92 security bulletins, two of which, MS12-063 and MS13-008, were released out-of-band. In the report, MSRC’s own William Peteroy provides a rare behind-the-scenes look at the Software Security Incident Response Process (SSIRP) and making of MS13-008. As William puts it, “Being pulled into a SSIRP feels about the same as a friend signing you up for a marathon and letting you know the night before.” It isn’t all doom and gloom though. Within the first couple days of availability, the update was downloaded around 286 million times. William concluded, “Ultimately it was very rewarding to be able to put so much time and effort toward something good for so many people over the holiday.”

The latest MAPP enhancements

Collaborating on defense through the Microsoft Active Protections Program (MAPP) community currently helps protect more than 1 billion customers and significantly reduces the time it takes security vendors to create protections. This year, we’re enhancing our existing MAPP offerings in some exciting new ways that will result in more robust customer protections and better guidance for those helping to secure systems around the world.

MAPP for Security Vendors is our traditional MAPP program with some new enhancements. As part of our monthly security bulletin release process, we will engage certain members of the MAPP community to help validate our guidance prior to final release. Working with the community in this way helps to ensure our guidance works for the widest possible set of partners. In addition, we will share detections earlier to select MAPP partners with a trusted history. These trusted partners will receive the information three business days before Update Tuesday to help them create better quality solutions for our common customers.

MAPP for Responders is a new way to share technical information and threat indicators to organizations focused on incident response and intrusion prevention. Getting this information into the hands of those closest to the events can be invaluable in detecting and disrupting attacks. Many attackers share information amongst themselves, and defenders should share knowledge to help prevent and contain issues as they occur. MAPP for Responders will work to build a community for information exchange to counter the activities of those who wish to do harm.

MAPP Scanner is a cloud-based service that allows Office documents, PDF files, and URLs to be scanned for threats, which increases the likelihood of us learning about new attacks and attack vectors sooner rather than later. This service leverages our own product knowledge and is what we use internally to kick off new investigations. This service is currently in pilot with a limited number of partners.

Over on the BlueHat blog, Jerry Bryant provides additional information about these changes and how they fit into our larger security strategy.

These new programs, along with the bounty programs we launched last month, are part of a broader end-to-end strategy to help protect customers. The goal is to eliminate entire classes of attacks by working closely with partners to build up defenses, making it increasingly difficult to target Microsoft’s platform.

On to Black Hat 2013

Later this week, we’ll be at the Black Hat USA conference at Caesars Palace in Las Vegas, NV. I hope you take a few moments to read the progress report and come by to discuss the finding with us at our booth – and at our Researcher Appreciation party. I always enjoy speaking with people face-to-face about our latest programs and all the work we do throughout Trustworthy Computing to help ensure they have the safest computing experience possible.

Thanks, and I’ll see you in Vegas.

Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing