

  1. See "Issue"

Buffer Overflow

  1. Security condition present in nearly all Microsoft products caused by the improper or nonexistent limiting of input query buffers.


  1. Often said by security staff conducting network penetration scans when observing the presence of open TCP ports 135, 137, or 139, indicating a Windows system is present.

Could Allow

  1. As Microsoft Security Bulletins read, a reported vulnerability or exploit to a Microsoft product may be a security problem ONLY when exploited by a cracker. Implies that a security problem is not a major concern until the exploit occurs. Example:
    "Authentication Error in SMTP Service Could Allow Mail Relaying" (01-037)
    In reality, the problem exists, but in Microsoft's expert judgement, the problem is not a 'problem' until exploited and makes the news. A real world example would be proclaiming that "guns kill people" (a truth, but only if the gun is handled by a person who either loads it and pulls the trigger or uses it to club someone. By itself, the device is harmless.)


Issue

  1. A feel-good euphemism used by Microsoft referring to a security problem. (e.g., "Microsoft has discovered an issue with...")
  2. Microsoft's implied denial that a problem exists, calling it an "issue" instead of a "problem", "bug", "vulnerability" or "exploit." (In the real world, how many relationships have been broken off due to "issues" versus "problems" with the significant other?)

Known Issue

  1. A feel-good euphemism used by Microsoft referring to a previously-reported problem. (See "Issue")


  1. Term used by Microsoft to describe a security problem caused by submitting false or modified information to an application, such as a typographic error that may direct a user to a different website than what was intended.

Microsoft Security Bulletin

  1. Release of documentation for a previously-undocumented feature in the named Microsoft Product.

Secure Microsoft Product

  1. Any unopened, uninstalled Microsoft product, preferably still inside its shrink-wrap.
  2. A PC running Microsoft operating systems or software that is not connected to a network or has removable media (e.g., disk drives) installed...that's how Windows NT received its C2 endorsement from the NSA in the mid-1990s!


  1. Something Microsoft products lack, evidenced by the frequency of reports of major products with vulnerable services enabled by default, or by releasing easily-exploited software products.
  2. A concept that is mutually exclusive to anything Microsoft.

Security Response Process

  1. Method Microsoft uses to react to reported security problems with its products. Runs contrary to industry-accepted standards of proactively preventing problems through secure software design and intense program quality assurance and abuse testing prior to release.


  1. A reported weakness that facilitates the compromise of a software product or system.
  2. General security community term for any computer running Windows, networked or not.

Reproduced with permission from <http://www.infowarrior.org/articles/2001-04.html>. © 2001 Richard Forno. Permission granted to freely reproduce - in whole or in part for noncommercial use - with appropriate credit to author and INFOWARRIOR.ORG.
