Microsoft's "Very Limited, Targeted Attacks"

This is an insight into Microsoft's security terminology. Namely the "very limited, targeted attacks" phrase. Christopher Budd, Security Program Manager Microsoft Security Response Center, is the Microsoft representative that brought clarity to the Redmond Company's technical jargon. "We've gotten some question from customers about what we mean when we say we're aware of "very limited, targeted attacks" in a security advisory," Budd said.

With "very limited, targeted attacks" Microsoft designates malicious actions that are situated at the opposite pole of those affecting a broad number of customers at random. "Unlike these broad, random attacks, these very limited, targeted attacks are carried out against a very small number of customers (sometimes only one or two even) and are carried out in a very deliberate fashion against a specific organization or organizations," Budd explained.

Microsoft is continuously working with AV partners in the Microsoft Security Response Alliance (MSRA) and other partner programs via the Software Security Incident Response Process (SSIRP). But, in addition to third party viral signatures, Microsoft also updates Windows Live OneCare Safety Scanner against the malicious software.

"One of our goals when we issue a security advisory is to give you information to help you understand the risks posed by an issue. One thing we know that customers want to know about is what the scope of an attack is. Through our work with partners, with customers, and internal investigations, we're sometimes able to tell if an attack is a broad, random attack, or if it's a very limited, targeted attack. When we're able to do this, we include it in our security advisory as another piece of information to help you understand what's going on, so you can make a better informed risk assessments," concluded Budd.