Security News


Off-Cycle Internet Explorer Security Update Released

Microsoft reacted quickly to a vulnerability in Internet Explorer by issuing an out-of-cycle fix.

Microsoft Exec Urges IE8 Readiness

The head of Microsoft's Internet Explorer team described how developers can prepare for IE8's general release.

Microsoft Releases SQL Server Security Tools

Microsoft released a beta version of its Code Analysis Tool and Anti-Cross Site Scripting Library for developers.

Cisco Warns of Increasing Attack Sophistication

Cisco's 2008 Annual Security Report report highlighted the increasing sophistication of Internet-based attacks, largely because cyber-criminals themselves are becoming increasingly sophisticated.

Microsoft Delivers SQL Server 2005 SP3

Microsoft ratcheted up its product support for SQL Server 2005 by releasing Service Pack 3 (SP3) on Monday, along with SP3 Cumulative Update 1.

Zero-Day IE Exploit To Get Out-of-Cycle Patch

Microsoft will end 2008 with a "critical" out-of-cycle patch for IE, according to an advance notification issued Tuesday for a new security update slated for release on Dec. 17.

Microsoft Offers IE Security Workaround, But No Fix

A "critical" security hole in Internet Explorer will not be fixed until sometime in 2009.

IE8: 'Safe' but Scorned in Bug Battle Contest

A security contest found more bugs in Google Chrome and Firefox than in Microsoft's IE8 browser.

Google Addressing Web App Security With 'Native Client'

The search giant is testing the secure execution of Web code natively on x86-based machines.

Microsoft Exec Lays Out Enterprise Strategy at Barclays Event

Bob Kelly described Microsoft's pursuit of a "$400 billion plus" server and tools market.

Zero-Day IE 7 Flaw Discovered

Microsoft once again has to contend with "Exploit Wednesday." This time, the problem is a zero-day IE 7 flaw discovered soon after the Patch Tuesday release.

December's Patch Arrives, Addressing 28 Security Bugs

Microsoft found vulnerabilities galore to fix in its final scheduled security patch for the year.

December's Patch Arrives, Addressing 28 Security Bugs

December's Patch Tuesday will be a historic security update release. But it won't be because of the size and scope of the eight patches.

Analysts: Enterprise Architecture Key To Stopping Cyberattacks

Enterprise architecture must be a key part of the strategy used to protect computers and networks from cyberattacks, said Ron Ross, a National Institute of Standards and Technology senior computer scientist.

Survey Highlights Open Source Perceptions, Pitfalls

If you use open source software (OSS), Gartner recommends you have an official OSS policy. But a surprising number of open source adopters are operating without one.

Heavy Patch Tuesday Expected Next Week

Microsoft is projecting eight fixes for its December security patch arriving on Tuesday.

IT Security: Expect More Misery in 2009

A Symantec report describes IT security trends for this year and the next.

Unpatched Systems at Risk From Worm, Microsoft Says

A worm that exploits remote procedure call technology has been showing up on unpatched Windows-based networks.

Researchers Find Vista Kernel Memory Security Bug

The problem seems to be a proof-of-concept exploit that has not affected Microsoft's customers.

November's Patch Addresses Two Windows App Exploits

Remote code execution vulnerabilities in Windows applications get addressed.