Language Selection

English French German Italian Portuguese Spanish

M$ Launches Security Advisory

Filed under
Microsoft
Humor

Microsoft has unveiled a new security advisory service to plug the gap between public disclosure of a vulnerability and the availability of a patch.

Dubbed Microsoft Security Advisories, the service is a pilot program begun in response to customer requests, Stephen Toulouse, the program manager of Microsoft Security Research Center (MSRC), said in an interview.

"When we got down to it, in the absence of a bulletin, customers wanted us to provide authoritative guidance on security related topics," Toulouse said.

Microsoft's security advisories--the first two of which were issued Tuesday--will offer early workarounds for vulnerabilities before a patch is ready. "If there was public vulnerability posted, the advisories could be used to provide guidance on workarounds," said Toulouse.

In cases such as those, expect to see the advisories morph into actual bulletins, Toulouse added. "We'd put the advisory up, and when a patch is ready, use it to point to the bulletin," he noted.

The advisories will follow the general format of the existing security bulletins, because feedback for the latter has been positive and users are familiar with the layout. The two advisories rolled out Tuesday, for example, offer subsections titled "Overview" and "Frequently Asked Questions," just as do Microsoft's monthly security bulletins.

Full Story.

More in Tux Machines

Leftovers: Gaming

Fedora: The Latest

Leftovers: KDE

  • ocs-client GSoC
    So my GSoC is coming to its end. I have no cool screenshots to upload this time and I have no new great features to talk about, in fact Caludio and I manly focused on bugfixing and testing. We have spent time also discussing about possible changes and improvements to the current OCS protocol. So is the client ready do be lunched? In short I would say that no, not yet.. although most of its features are implemented and it is usable, it is still an “under construction” project, we both still have to make some important decisions to make it usable to everyone.
  • The Fiber Engine Poll, Updates, and Breeze
  • Bringing Akonadi Next up to speed
    and refactoring it again, to make sure the codebase remains as clean as possible. The result of that is that an implementation of a simple resource only takes a couple of template instantiations, apart from code that interacts with the datasource (e.g. your IMAP Server) which I obviously can’t do for the resource.
  • New linter integration plugins for KDevelop
  • Artikulate Plans for Randa
    Language learning is often considered as the task of memorizing new vocabulary and understanding the new grammar rules. Yet for most, the most challenging part is to actually get used to speak the new language. This is a problem that Artikulate approaches with a simple idea: to learn the correct pronunciation of a word or even a longer phrase, the learner listens to a native speaker recording, repeats and recordings it, and finally compares both recordings to improve herself/himself with the next try.

Tails 1.5.1 is out

Tails, The Amnesic Incognito Live System, version 1.5.1, is out. This is an emergency release, triggered by an unscheduled Firefox release meant to fix critical security issues. Read more