Launched in 2007, the Security Vulnerability Research & Defense blog’s intent is to provide more information about Microsoft vulnerabilities, mitigations and workarounds, and active attacks.  During Microsoft’s technical investigation of security issues, information is discovered that we feel is important to share.  Some examples include:

• Workarounds are not 100% effective in every situation, every attack vector
• Workarounds that are specific to a particular attack
• Super complicated workarounds that work but cannot be recommended to all customers
• Interesting mitigations that might not be present in all cases
• “Best Practices” type guidance that applies to a particular vulnerability
• Group policy deployment guidance
• “Interesting” facts about a vulnerability Microsoft is fixing that will help customers learn more about Windows, the security infrastructure, or the way we conduct security investigations
• Debugging techniques and information on how to triage security vulnerabilities
• Overview of some of the challenges that we face when fixing specific security bugs

As always, security bulletins or security advisories are the ultimate authority but we’ll try to include juicy spill-over technical stuff in the SWI blog.

We expect to post every “patch Tuesday” with technical information about the vulnerabilities being fixed. During our vulnerability research, we discover a lot of interesting technical information. We’re going to share as much of that information as possible here because we believe that helping you understand vulnerabilities, workarounds, and mitigations will help you more effectively secure your organization.