August 5th, 2008, 10:18 PM
#1
Microsoft Exploitability Index at Black Hat
Microsoft wants to buddy up to Black Hat attendees by discussing its new Exploitability Index.
A Better View of Microsoft Security? - InternetNews
The new exploitability index will supplement the patch Tuesday announcement with a new metric that will help users understand the risks that a given vulnerability may pose.
In order to gauge risk, Microsoft will detail, with the exploitability index, whether or not exploit code exists or is likely to exist for a given vulnerability. The general idea is to help Microsoft customers prioritize the importance of updates based on their likelihood of being exploited.
...Reavey explained that Microsoft will look at classifying vulnerabilities into three broad buckets. The first bucket will be highly exploitable vulnerabilities where Microsoft is of the opinion that exploit code that will work consistently is likely to be released inside of the first 30 days of the Microsoft patch being made available. The second bucket is if there is the possibility of inconsistent exploit code being produced that might work some of the time. The third bucket will identify vulnerabilities for which Microsoft believes it is unlikely that exploit code will be released inside of 30 days.
There's also the community-driven Microsoft Active Protections Program (MAPP) that gives advance notice on vulnerabilities and upcoming patches to partners. Does this mean good-bye to the finger pointing among software vendors after a disastrous patch?
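One way to turn the three buckets into a patch-ordering rule, as an added example (Python) that is not from the article, the post or Microsoft: the bucket numbers follow the article's description (1 = consistent exploit code likely within 30 days, 2 = inconsistent exploit code possible, 3 = exploit code unlikely within 30 days), while the severity labels, the scoring weights, the deadlines, the exposure flag and the sample bulletins are assumptions made here for illustration. It treats a bulletin with no rating as bucket 1 and puts the bucket 1 deadline inside the 30-day window the index is defined against.

```python
"""Patch triage from an exploitability-index bucket plus severity.

Added example, not code from the article or from Microsoft. Only the three
bucket meanings come from the article; weights, deadlines, severity labels
and the sample bulletins below are assumptions made for illustration.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

# Exploitability-index buckets as described in the article.
CONSISTENT_EXPLOIT_LIKELY = 1      # reliable exploit code expected within 30 days
INCONSISTENT_EXPLOIT_POSSIBLE = 2  # unreliable exploit code possible
EXPLOIT_UNLIKELY = 3               # no exploit code expected within 30 days

# Assumed: days after release we allow ourselves for each bucket.
# Bucket 1 is deadlined well inside the 30-day window the index is defined against.
DEADLINE_DAYS = {
    CONSISTENT_EXPLOIT_LIKELY: 7,
    INCONSISTENT_EXPLOIT_POSSIBLE: 21,
    EXPLOIT_UNLIKELY: 45,
}

# Assumed severity weights; an unknown label is treated as Critical.
SEVERITY_WEIGHT = {"Critical": 4, "Important": 3, "Moderate": 2, "Low": 1}


@dataclass
class Bulletin:
    bulletin_id: str
    severity: str
    exploitability: Optional[int]  # None when the vendor assigned no rating
    exposed: bool                  # affected component reachable on our hosts
    released: date


def effective_bucket(b: Bulletin) -> int:
    """A missing or malformed rating is treated as the worst case (bucket 1)."""
    if b.exploitability not in DEADLINE_DAYS:
        return CONSISTENT_EXPLOIT_LIKELY
    return b.exploitability


def score(b: Bulletin) -> int:
    """Higher is more urgent. Exploitability dominates, severity breaks ties,
    and an unexposed component drops a notch rather than to zero, because
    exposure assessments are frequently wrong."""
    bucket = effective_bucket(b)
    s = (4 - bucket) * 10 + SEVERITY_WEIGHT.get(b.severity, 4)
    if not b.exposed:
        s -= 5
    return s


def deadline(b: Bulletin) -> date:
    """Assumed install-by date derived from the bucket."""
    return b.released + timedelta(days=DEADLINE_DAYS[effective_bucket(b)])


def prioritize(bulletins: List[Bulletin], today: date) -> List[Tuple[str, int, date, bool]]:
    """Return (bulletin_id, score, deadline, overdue) rows, most urgent first."""
    rows = []
    for b in bulletins:
        d = deadline(b)
        rows.append((b.bulletin_id, score(b), d, today > d))
    rows.sort(key=lambda r: (-r[1], r[2]))
    return rows


# Constructed sample input; the identifiers are placeholders, not real bulletins.
RELEASE_DAY = date(2008, 8, 12)
TODAY = date(2008, 8, 20)
SAMPLE = [
    Bulletin("SAMPLE-A", "Important", CONSISTENT_EXPLOIT_LIKELY, True, RELEASE_DAY),
    Bulletin("SAMPLE-B", "Critical", EXPLOIT_UNLIKELY, True, RELEASE_DAY),
    Bulletin("SAMPLE-C", "Critical", INCONSISTENT_EXPLOIT_POSSIBLE, False, RELEASE_DAY),
    Bulletin("SAMPLE-D", "Moderate", None, True, RELEASE_DAY),  # unrated bulletin
]

if __name__ == "__main__":
    for row in prioritize(SAMPLE, TODAY):
        print(row)
```

Run as a script, the unrated Moderate bulletin lands second, ahead of the Critical one in bucket 3, which is the point: a rating that says reliable exploit code is expected within the month outranks raw severity, and a bulletin the vendor did not rate should not silently drop to the bottom of the queue.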
-
August 8th, 2008, 11:16 AM
#2
There's also the community-driven Microsoft Active Protections Program (MAPP) that gives advance notice on vulnerabilities and upcoming patches to partners. Does this mean good-bye to the finger pointing among software vendors after a disastrous patch?
I can't say that I can recall any "disastrous patches" recently. Most of the problems that I have encountered have been when a patch has not installed correctly for some reason. That can result in instability and unpredictability.
I tend to use this free (to private users) software for a "second opinion" as the MS update history sometimes does not spot a failed installation.
http://www.belarc.com/free_download.html
As for the finger pointing, I think that is a little unfair? MS have always taken the stance that they don't support software that hooks the Windows kernel. OK, a lot of security products do just this, in a variety of different ways.
I would say that it is up to the third party vendor to ensure that their product still works, particularly if MS give them advance warning.
I do find it slightly unusual that MS don't seem to test their updates with major third party software, if only as a public relations exercise to their customers. In particular, I am thinking of security products, which are the most likely items to have issues.
A couple of days ago I fired up a machine that I hadn't had on the internet for a few weeks. MS downloaded their updates and asked permission to install them. At that point ZoneAlarm sent me a popup warning me to install their update first. I thought that was rather good.