SecurityWeek

Microsoft to Share Vulnerability Data with Incident Responders

Microsoft’s pre-patch information sharing on vulnerabilities in its software has been expanded to include incident responders dealing with advanced targeted attacks.

The Redmond, Washington-based software vendor today announced a major expansion of the five-year-old Microsoft Active Protections Program (MAPP), which is aimed at reducing the window of exposure to hacker attacks.

In the past, MAPP shared vulnerability data to give anti-malware, intrusion prevention/detection and corporate network security vendors a head-start to add signatures and filters to protect against Microsoft software vulnerabilities. That part of the program will remain, but Microsoft has now added two new programs specifically aimed at the explosion of APTs (advanced persistent threats) against global governments and businesses.

According to Microsoft Senior Security Strategist Jerry Bryant, the new MAPP for Responders will provide “threat indicators” to qualified security response teams. These will include malicious URLs, file hashes, incident data and relevant detection guidance.

“The information we plan to share with response partners is focused more on threat intelligence than specifically on vulnerabilities. Where these two programs come together is around incident response. Arming more defenders against targeted attacks is a key part of our overall strategy,” Bryant explained.

Microsoft plans to support Mitre’s STIX (Structured Threat Information Expression) and TAXII (Trusted Automated eXchange of Indicator Information) specifications to ensure automation and structure.

Bryant said the surge in targeted attacks, one of the primary threats to enterprises, governments and other entities, pushed Microsoft to expand the MAPP program. “Incident responders, including response companies, CSIRTs, ISACs, and security vendors, represent the front lines in the fight to detect, respond, and remediate these attacks. Through this new program, MAPP for Responders, we are working to build new partnerships and community collaborations that will enable strategic knowledge exchange,” he added.

Separately, Microsoft launched a new MAPP Scanner tool to help pinpoint if certain files or documents are attempting to exploit security vulnerabilities.

MAPP Scanner, currently in a closed pilot program, is described as a cloud-based service that can be used to scan Office documents, PDF files, Flash movies, and suspect URLs to determine if they are attempting to exploit a vulnerability. It performs both static and active analysis: it spins up virtual machines for every supported version of Windows and opens content in supported versions of the appropriate application, Bryant explained.

Bryant also said MAPP Scanner can help find a known vulnerability and return the CVEs and affected platforms for that issue, while also flagging suspicious activity not associated with a known vulnerability for deeper analysis. “MAPP Scanner is extremely effective in identifying previously unknown vulnerabilities while at the same time dramatically improving the ability and efficiency of responders investigating an incident,” he added.

MAPP Scanner is also aimed at Microsoft partners who are likely to be subjected to targeted attacks.

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
