Organizations need a commitment to security and better implementation of security tools, experts say.
Weaknesses found in the MD5 hash algorithm could be used as a basis to generate fraudulent X.509 Certification Authority certificates.
Redmond continues to investigate a new zero-day bug affecting popular database application SQL Server.
Microsoft reacted quickly to a vulnerability in Internet Explorer by issuing an out-of-cycle fix.
Microsoft released a beta version of its Code Analysis Tool and Anti-Cross Site Scripting Library for developers.
The head of Microsoft's Internet Explorer team described how developers can prepare for IE8's general release.
Cisco's 2008 Annual Security Report report highlighted the increasing sophistication of Internet-based attacks, largely because cyber-criminals themselves are becoming increasingly sophisticated.
Microsoft ratcheted up its product support for SQL Server 2005 by releasing Service Pack 3 (SP3) on Monday, along with SP3 Cumulative Update 1.
Microsoft will end 2008 with a "critical" out-of-cycle patch for IE, according to an advance notification issued Tuesday for a new security update slated for release on Dec. 17.
A "critical" security hole in Internet Explorer will not be fixed until sometime in 2009.
A security contest found more bugs in Google Chrome and Firefox than in Microsoft's IE8 browser.
The search giant is testing the secure execution of Web code natively on x86-based machines.
Bob Kelly described Microsoft's pursuit of a "$400 billion plus" server and tools market.
Microsoft once again has to contend with "Exploit Wednesday." This time, the problem is a zero-day IE 7 flaw discovered soon after the Patch Tuesday release.
December's Patch Tuesday will be a historic security update release. But it won't be because of the size and scope of the eight patches.
Microsoft found vulnerabilities galore to fix in its final scheduled security patch for the year.
Enterprise architecture must be a key part of the strategy used to protect computers and networks from cyberattacks, said Ron Ross, a National Institute of Standards and Technology senior computer scientist.
If you use open source software (OSS), Gartner recommends you have an official OSS policy. But a surprising number of open source adopters are operating without one.
Microsoft is projecting eight fixes for its December security patch arriving on Tuesday.
A Symantec report describes IT security trends for this year and the next.