Microsoft is upping the ante in an effort to head off hackers at the Patch Tuesday pass. Ryan Naraine reports:
The new Microsoft Active Protections Program (MAPP), which will be formally announced at Black Hat USA 2008 here, will give anti-virus, intrusion prevention/detection and corporate network security vendors a head start to add signatures and filters to protect against Microsoft software vulnerabilities.
The idea is to provide detection guidance ahead of time to help security vendors reproduce the vulnerabilities being patched and ship signatures and detection capabilities without false positives.
If folks deployed Patch Tuesday fixes right away--like the minute they were released by Microsoft--that heads up to security vendors wouldn't be necessary. But the reality is that IT shops have to test the patches first and that takes time. During that time exploit code can be launched.
Hats off to Microsoft for being proactive. The program has its risk--especially if Microsoft's vulnerability data can be intercepted--but it's worth a shot