LAS VEGAS — Aug. 5, 2008 — At the Black Hat USA 2008 conference today, Microsoft Corp. introduced security-related programs that share early information with partners to help them protect customers quickly and effectively. The new programs also provide additional information and guidance to help customers evaluate risks and prioritize the deployment of Microsoft security updates.
Along with the predictability of Microsoft’s monthly security update process is the emergence of an undesirable cycle — the release of exploit code, related to those updates, sometimes within hours of release. Understanding this changing threat environment, Microsoft will offer the Microsoft Active Protections Program (MAPP), which gives security software providers advance information about vulnerabilities addressed by Microsoft security updates. This will allow security software providers to offer protections to customers quickly and effectively.
In addition, as part of the company’s ongoing effort to improve its guidance for customers, Microsoft announced its new Exploitability Index. Developed based on customer feedback, the Exploitability Index will provide customers with guidance on the likelihood of functional exploits being developed for vulnerabilities addressed by Microsoft security updates. This additional information helps customers better assess their unique risks and better prioritize deployment of the monthly security update. The Exploitability Index will be included as part of Microsoft’s monthly security bulletin release.
“The introduction of these new programs helps address evolving online threats and provides more practical guidance to assess and manage risk,” said Andrew Cushman, director of security response and outreach at Microsoft. “In the race between exploit and protection, Microsoft is committed to shifting the advantage to the security industry. The Microsoft Active Protections Program gives security software providers the information and resources they need to help better protect customers.”
By investing in technology innovations, industry partnerships and customer guidance, Microsoft continues to seek ways to put organizations in control of their computing environments and help address online security.
“As security threats become more sophisticated, the global security community must combine its resources and work together to provide maximum security protections to worldwide Internet users,” said George Stathakopoulos, general manager of security engineering and communications at Microsoft. “No one organization can counter online attacks alone. Therefore, we must use the combined strength of the industry, partners, customers and public organizations to build a more secure environment for everyone.”
Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.
Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass on Microsoft’s corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/presspass/contactpr.mspx.