Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

Browse by Tags

  • Blog Post: New Security Tools for IIS and SQL

    In cast you didn't see it, the Microsoft Security Response Center (MSRC) team just announced the release of three tools to help customers fend off SQL injection attacks: UrlScan 3.0 Beta ( see Wade Hilmo's blog for more ), a security tool that restricts the types of HTTP requests that Internet Information...
  • Blog Post: SQL Server 2005 - 1 Year And Not Yet Counting...

    Vulnerabilities, that is. It has been about a year now since SQL Server 2005, so I thought this would be a good time to review how it has done security-wise. The latest SQL Server product from Microsoft has had zero vulnerabilities disclosed or fixed in its first year of availability. First, I want...
  • Blog Post: SQL Server - Fact Checking Recent Vulnerability History

    UPDATE: The story that originally got my attention has been updated in all of the places I could still find it yesterday, so I'm pulling my references to the story and just focusing on the positive story of SQL Security improvement. Jeff Last week a web-based news story comes to my attention which asserted...
  • Blog Post: Server Launch : Security Highlights

    Today is Launch Day for 3 big products from Microsoft - Windows Server 2008, Visual Studio 2008 and SQL Server 2008. Click on the image to learn more general information and participate in the virtual launch. I want to briefly salute some of the security improvement represented by these products. This...
  • Blog Post: Enterprise Strategy Group on SQL 2005: ``Microsoft Years Ahead...''

    UPDATE: Download the full report PDF With a year's track-record, SQL Server 2005's positive security performance is being noticed beyond just my own observations ( SQL Server 2005 - 1 Year And Not Yet Counting... ). Enterprise Strategy Group (ESG), a technology industry analyst group released a study...