The government agency took two PCs running a fully-patched Windows 7 with the Microsoft Security Essentials (MSE) antivirus package installed.
FORBES: Six Simple Steps Proven To Keep Your Windows 7 PC Safe From Hackers And Malware
At least you weren't working at the Microsoft Security Response Center.
The Microsoft security updates can be downloaded from Microsoft's website.
"Our investigation has shown that there are no new or unknown vulnerabilities being exploited, " he wrote in a statement on the Microsoft Security Response Center's Web site on April 25.
The free Microsoft Security Essentials tool is ideal.
FORBES: Six Simple Steps Proven To Keep Your Windows 7 PC Safe From Hackers And Malware
He ran out of money while at Stanford, so he started doing security consulting for Microsoft and RSA Security.
They suggest using Microsoft Baseline Security Analyzer (MBSA) for vulnerability scanning but of course there are many options from free to expensive.
FORBES: Vulnerability Intelligence Versus Vulnerability Management
This past August Microsoft began using security to induce more customers to opt for Software Assurance.
FORBES: Microsoft Software Assurance: Insurance? Or Extortion?
Vendors that are assisting include Microsoft, Internet Security Systems, Axent Technologies, Network Associates, Symantec and Trend Micro.
Microsoft typically issues security updates for Windows and its associated programs on the second Tuesday of every month.
Microsoft said the security problem introduced by its update would affect the relatively small number of users running Windows 2000.
He conceded that the size of Microsoft's network -- and the allure to hackers of breaching Microsoft's security -- make defending its systems an ongoing challenge.
"Four days is typically not enough to complete the initial investigation of the vulnerability and thoroughly test a comprehensive update, " said Mike Reavey, director of Microsoft's security response center.
There are plenty of warnings from Microsoft and from security experts that any call you get from someone claiming they know what is happening to your PC should be terminated rapidly.
On Wednesday, Microsoft released a security advisory warning users of active attacks using a previously unknown bug in Internet Explorer (IE) that affects users of versions six, seven of the browser.
FORBES: Criminal Exploits Targeting New Bug In Old Internet Explorer Versions
That's an artful way to say that Microsoft's security concerns were -- and are -- elsewhere: Hackers tampering with the cameras to intercept the stream to spy on users, going up the stack to the console or network.
CNN: How Microsoft learned to stop worrying and love open Kinect
In the three weeks after Gates issued his dictum, Microsoft published three separate security bulletins.
Microsoft reported via its security blog that it had already seen a "limited" attack using this bug.
Microsoft has published a security advisory for the bug, along with workarounds to protect XP users.
But at a meeting with analysts last month, Mr Gates acknowledged that Microsoft would expand its security-software offering.
Microsoft's own security researcher Bill Sisk quickly leapt to the company's defense.
Microsoft first patched this security hole on Aug. 10, and issued a security bulletin on Oct. 17 pointing customers to the same software patch.
Yet ironically, as Microsoft slowly improves the security of its products by, for instance, incorporating firewall technology, anti-virus systems and spam filters its actions increasingly start to resemble those that, in the past, have got the firm into trouble with regulators.
On Tuesday the French firm Vupen, whose researchers develop software hacking techniques and sell them to government agency customers, announced that it had already developed an exploit that could take over a Window 8 machine running Internet Explorer 10, in spite of the many significant security upgrades Microsoft built into the latest version of its operating system.
FORBES: Government-Funded Hackers Say They've Already Defeated Windows 8's New Security Measures
As proof, Dusche pointed to the smart cards issued to Microsoft employees for network and security access.
On its security blog, Microsoft acknowledged the discovery of the browser bug and said it was monitoring the situation.
The damage to customer confidence may outweigh the actual security damage to Microsoft.
The fix was scheduled to be released on 10 April - the next date for Microsoft's regular monthly security update.
In its security advisory, Microsoft labeled three of the bulletins "critical, " meaning an attacker could remotely execute malicious code on unpatched systems.
应用推荐