Archive for the Category Microsoft

Attack monitoring and detection as suggested by Microsoft

This is a good piece from Microsoft where they explain the value of security monitoring. From the article:

The primary goal of a security monitoring and attack detection system is to help identify suspicious events on a network that may indicate malicious activity or procedural errors.

Microsoft apparently understands the importance of actively looking for indications of attacks, instead of living in the belief that systems are impenetrable and that security products alone will offer protection. Their suggestions with regard to the actual process and routine are also accurate:

A security monitoring solution is actually a continual process of planning, implementing, managing, and testing, because that is the very nature of security monitoring. Because the threats to business networks are always changing, the system that monitors the security in a business network must also change.

This process is suggested as a part of their Microsoft Operations Framework (MOF), which also features other operational routines.

I like that Microsoft is putting some effort into defining the operational requirements for managing their systems and environments. The lack of this kind of security operations is what makes companies fail, not that they don’t have enough security products. The article also features some good hints on analysing Windows Event Logs.

WMF-exploit available since 1st of December

Eweek has posted a story that (if it is true) confirms my thoughts and opinions on the WMF matter. According to the article, evidence says that the exploit targeting the WMF vulnerability was first seen on 1 December, roughly one month before the whole issue became public. This is what I expected. Exploits, including zero-days, get disclosed to the public when the attackers get sloppy. In this particular case, the exploit was made public when an attacker bought the exploit and turned it into an automated attack.

Last week, I also saw reports on the British parliament being (successfully?) hacked with the exploit. I expect to see more incidents related to this matter in the future.