Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

Browse by Tags

  • Blog Post: New Security Tools for IIS and SQL

    In cast you didn't see it, the Microsoft Security Response Center (MSRC) team just announced the release of three tools to help customers fend off SQL injection attacks: UrlScan 3.0 Beta ( see Wade Hilmo's blog for more ), a security tool that restricts the types of HTTP requests that Internet Information...
  • Blog Post: SQL Server 2005 - 1 Year And Not Yet Counting...

    Vulnerabilities, that is. It has been about a year now since SQL Server 2005, so I thought this would be a good time to review how it has done security-wise. The latest SQL Server product from Microsoft has had zero vulnerabilities disclosed or fixed in its first year of availability. First, I want...
  • Blog Post: Microsoft SQL vs Oracle : David Litchfield Comparison Paper

    From what most will consider a more authoritative source than me, David Litchfield, a new paper addresses the question Which database is more secure? Oracle vs. Microsoft . I recently analyzed the first year of SQL Server 2005 in SQL Server 2005 - 1 Year And Not Yet Counting... and the Enterprise Security...
  • Blog Post: SQL Server - Fact Checking Recent Vulnerability History

    UPDATE: The story that originally got my attention has been updated in all of the places I could still find it yesterday, so I'm pulling my references to the story and just focusing on the positive story of SQL Security improvement. Jeff Last week a web-based news story comes to my attention which asserted...