Microsoft Helps Fight Zero Day Attacks
By Christopher Nickson
August 06, 2008
Microsoft is introducing a program to work with security companies to let them know about vulnerabilities before Patch Tuesday.
The hackers are getting a lot better. That was the subtext underlying everything Microsoft said at the Black Hat conference in Las Vegas. And that means even the giants have to take big steps to combat them.
The company announced a pair of programs to help fight Zero Day attacks – hacks coded to exploit vulnerabilities on the day they’re announced, and which have now become the norm.
Under the Microsoft Active Protections Program (MAPP) the company will give security companies advance notice of vulnerabilities they’ll be addressing on Patch Tuesdays, letting them integrate their own code with Microsoft’s fixes.
George Stathakopoulos, general manager of security engineering and communications at Microsoft, said:
"As security threats become more sophisticated, the global security community must combine its resources. No organization can counter online attacks alone."
Microsoft will also begin an Exploitability Index, which will be part of the monthly security bulletin, offering an assessment of the danger of each vulnerability. This will allow people to decide what patches to download, depending on how vulnerable their systems are.