Microsoft Security

Your source for the latest Microsoft security news and analysis.

Microsoft Subnet
May. 11, 2008
Microsoft Security Watch covers the latest in Microsoft related security news, expert blogs, resources, and more from Network World editors.

Vista as insecure as Windows 2000
May. 09, 2008
Good news for users of Windows Vista. According to figures compiled by PC Tools, the OS has experienced only slightly more vulnerabilities than Windows 2000, which appeared eight years ago when malware was far less ...

0day treasure hunt: researcher hides IE attack on Web
May. 07, 2008
Security researcher Aviv Raff has published code that would allow someone to take control of a computer running Internet Explorer, but there's a catch. He's not saying exactly where he's hidden the attack.

Microsoft is winning the NAC war, expert says
May. 06, 2008
Security guru Joel Snyder from Opus One recently starred as the guest of a live Network World chat where he discussed the state of network access control. Snyder says that those who are anti-NAC simply don't understand ...

How one site dealt with SQL injection attack
May. 01, 2008
U.K.-based car-marketing site Autoweb was one of many Web sites hit in the Internet wave of SQL injection attacks first noticed Friday April 25. AutoWeb was smashed up, but its CIO tells how the site was repaired and ...

Security through obscurity has never worked, and Microsoft’s COFEE will encourage hackers ...
May. 01, 2008
Microsoft has announced a suite of tools called COFEE that makes forensic analysis of Windows easier. This means that there is a whole universe of potential exploits just waiting to be found.

XP change corrupts data, hamstrings SP3 rollout
May. 01, 2008
Microsoft confirmed Wednesday that it delayed the rollout of Windows XP Service Pack 3 (SP3) because changes to the operating system can corrupt data in the company's retail point-of-sale and store management software.

Microsoft botnet-hunting tool helps bust hackers
Apr. 29, 2008
Botnet fighters have another tool in their arsenal, thanks to Microsoft.

Interop Labs test results: Microsoft gets it NAC act together
Apr. 28, 2008
The world of network access control is being drawn, irresistibly, into Microsoft's orbit now that the Redmond giant's full repertoire of Network Access Protection client, server and policy components are out there in ...

Researcher finds new flaw in QuickTime for Windows
Apr. 28, 2008
A security think tank says it has found a vulnerability in Apple's QuickTime multimedia player that can be exploited remotely to compromise Windows Vista PCs upgraded to Service Pack 1, as well as XP SP2.

Microsoft Vista security impresses IT staffers hot for NAC
Apr. 29, 2008
Las Vegas -- Microsoft's network access control client in Vista and now in Windows X has a lot of IT executives excited, according to an informal poll of about 250 attendees of an Interop Las Vegas NAC seminar who are ...

Chinese blogs detail zero-day flaw in Microsoft Works
Apr. 18, 2008
Chinese-language blogs are detailing a zero-day vulnerability in Microsoft Works, the company's lower-end office productivity suite, according to security vendor McAfee.

iFrame attacks surge, security firm says
Apr. 24, 2008
A flood of SQL injection attacks on Microsoft Internet Information Servers are leaving Web pages with malicious iFrames in them, and Panda Security is urging network managers to make sure their Web pages haven't been ...

Microsoft: We took out Storm botnet
Apr. 22, 2008
Microsoft Tuesday took credit for crushing the Storm botnet, saying that the malware search-and-destroy tool it distributes to Windows users disinfected so many bots that the hackers threw in the towel.

Microsoft didn't crush Storm, counter researchers
Apr. 24, 2008
Microsoft didn't crush the Storm botnet as it has claimed, rival security researchers argued today. Instead, the criminals responsible for the army of compromised computers diversified last year to avoid attention and ...

Windows XP SP3 completes Microsoft's NAC architecture
Apr. 24, 2008
Microsoft says it will release Windows XP Service Pack 3 by the end of the month, dropping the final shoe needed to complete its NAC architecture, which it calls network access protection (NAP).

HP gear supports and simplifies Microsoft NAP
Apr. 22, 2008
HP is announcing that its gear supports Microsoft NAP and claiming that it also makes NAP simpler to configure.

Microsoft credits researchers for hacking
Apr. 22, 2008
Security researchers are free to investigate Microsoft's online services for security bugs, without fear of prosecution - as long as they submit the bugs they find

Microsoft data show Web attacks taking off
Apr. 22, 2008
Criminals changed tactics in the last six months of 2007, dropping malicious e-mail in favor of Web-based attacks, according to data reported to Microsoft by Windows users.

Zero-day bug puts Web hosters at risk
Apr. 21, 2008
Microsoft has warned of an unpatched security vulnerability in Windows that could put many website hosting providers at risk.

Microsoft admits it sent Office nag to all WSUS servers
Apr. 21, 2008
System administrators have ripped Microsoft for pushing a trial anti-piracy program meant for limited distribution to all enterprise update servers, a mistake that has triggered false warnings of Office counterfeits.

Simplifying NAP for SMBs
Apr. 17, 2008
Now that Microsoft's network access protection has arrived, a startup is trying to make a business out of simplifying NAP setup for SMBs.

Microsoft releases remaining Vista SP1 language packs
Apr. 16, 2008
Microsoft Tuesday released the remaining 31 language editions of Windows Vista Service Pack 1 (SP1) to Windows Update.

Cisco's Microsoft-compatible NAC gear almost ready
Apr. 15, 2008
Cisco says it will have its Microsoft-compatible NAC gear ready in about a month, which should be good news for a lot of potential NAC users who are customers of both vendors.

Three hackers found 'Pwn To Own' bug
Apr. 13, 2008
The Flash vulnerability used to hijack a Windows Vista laptop during last month's