Microsoft issued Security Advisory ADV190005 on Wednesday concerning a potential HTTP/2 settings issue for users of Internet Information Services (IIS) on Windows Server.
Microsoft on Friday described its 2019 timeline for when it will start distrusting Secure Hash Algorithm-1 (SHA-1) in supported Windows systems, as well as in the Windows Server Update Services 3.0 Service Pack 2 management product.
This week, the National Institute of Standards and Technology (NIST) described a high-risk security vulnerability (CVE-2019-5736) for organizations using containers that could lead to compromised host systems.
Microsoft on Friday issued an advisory for Windows 10 version 1809 users about possible Visual Studio crashes.
Microsoft's February "update Tuesday" release was notable for delivering major security updates and architectural changes to all supported Exchange Server products, along with a "zero-day" IE patch.
Microsoft took the rare step of announcing the release of Exchange Server quarterly updates that will include "critical security" fixes, while also changing the architectures of all supported Exchange Server products.
Microsoft on Monday touted its Azure Advanced Threat Protection (ATP) service as being capable of alerting organizations when they are subject to NT LAN Manager (NTLM) relay attacks.
Buggy patches are all but inevitable -- especially, it seems, if they're from Microsoft. Maybe the old wait-and-see approach to Office patching is worth a second look.
Microsoft has been adding to its Azure Active Directory capabilities in recent weeks.
Microsoft on Monday issued Security Advisory ADV190007 concerning an elevation-of-privilege vulnerability that's present in most Exchange Server versions.
Organizations using Microsoft's tools to manage Windows updates could be missing out on early fixes to problems because of the way Microsoft classifies its updates.
The U.S. National Security Agency issued updated guidance late last month on the various speculative execution side-channel flaws that open up all systems using modern processors to potential attacks.
Microsoft announced a number of security and compliance improvements that mostly apply to users of its Microsoft 365-licensed products.
Cisco acknowledged vulnerabilities in two of its small business router products last week that could lead to information disclosures.
The U.S. Computer Emergency Readiness Team this week noted that Exchange Server versions from Exchange Server 2013 on up have a vulnerability that could permit the impersonation of any user, leading to "control of an affected system."
Microsoft added a preview feature to its Azure Active Directory Business to Business (B2B) service that makes it easier for business partners to gain access to an organization's network resources.
Microsoft announced a subtle change to its .NET Framework patch labeling earlier this week that's notable for IT pros handling the monthly patching of Windows 10 and Windows Server 2019 environments.
January 14 marks a one-year period before the end of support for Windows 7.
Windows 7 was a notable victim of this month's "update Tuesday" security patch releases by Microsoft, according to various accounts.
Microsoft offered a relatively mild "update Tuesday" bundle of security fixes in its January release this month.