Microsoft Expands Security Reporting
Page 1 of 1
The public has a seemingly insatiable demand for as much information as possible about Microsoft security. To help feed it, Microsoft has added yet another information resource: its new Security Vulnerability Research and Defense blog, which officially launched this week.
The Security Vulnerability Research and Defense blog (SWI) is designed to provide additional, in-depth technical details on Microsoft security updates -- ostensibly to better satisfy security researchers, enterprise IT staff, hard-core end-users and close Microsoft observers.
The details and workarounds posted in the blog are not covered in official security bulletins -- making them useful, if not potentially critical.
"The blog displays the knowledge of our investigators and offers additional details about vulnerabilities Microsoft has fixed beyond bulletins or advisories," a Microsoft spokesperson explained to InternetNews.com.
The new outlet should complement the existing Microsoft Security Response Center Blog (MSRC) since both serve different purposes. The MSRC Blog is designed for high-level intelligence about a particular situation.
In some cases, however, the Microsoft spokesperson said the company wants to go deep and get into the guts of a vulnerability.
"We still encourage customers to follow the guidance in the advisories and bulletins, but the blog shares additional information about mitigations and workarounds where customers wouldn't be able to get anywhere else," the spokesperson said. "We will only release information that is supplemental to customers, and will only be offering information about vulnerabilities that have already been fixed."
Already, the effort could be paying dividends for security researchers and admins. The SWI blog at launch provides additional details on two vulnerabilities that Microsoft fixed as part of December's Patch Tuesday.
The first example is one that the SWI blog refers to as "The case of the insecure signature." The official Microsoft label is MS07-063, "Vulnerability in SMBv2 Could Allow Remote Code Execution."
The original MS07-063 advisory provides an overview of the flaw, which involved the SMB (Server Message Block) technology critical in Windows server communications. The SWI blog expanded that explanation with a broader discussion about message signing in SMB traffic -- where the actual vulnerability exists.
The second flaw detailed involves "Vulnerability in Message Queuing," officially labeled as MS07-065, which the SWI blog described as "The case of the significant suffix." In that post, Microsoft provided an additional mitigation approach for affected users.
"We periodically identify workarounds or mitigations like this that we can't use for official guidance because they're either too nuanced or have some exception cases," the blog states. "When we discover something potentially useful but are uncomfortable listing it in the bulletin, we'll do our best to describe it here in this blog."
According to the Microsoft spokesperson, the company selected both issues because it had interesting additional details to share about each.
"Every time we research vulnerability, we come away with a lot of knowledge about it and feel that we should share it," the spokesperson noted.