A newly reported zero-day vulnerability (CVE-2019-0859) discovered by Kaspersky Lab this week uses PowerShell to attack Windows systems.
A security breach that originated from the start of this year exposed some Microsoft e-mail users' accounts to "individuals outside Microsoft," the company admitted this past week.
Microsoft on Tuesday released its April security patch bundle, as well as one security advisory on Adobe Flash.
Microsoft this week announced the general availability of its new Azure Active Directory Password Protection feature, which aims to diminish the threat of password spray attacks.
Microsoft has announced the release of System Center Configuration Manager (SCCM) Update 1902, as well as the general availability of both Microsoft 365 Security Center and Microsoft 365 Compliance Center.
As many as 1 million Asus computer users were targeted last year in a "supply-chain attack," according to a report Monday by software security firm Kaspersky Lab.
Microsoft is rebranding its Windows Defender Advanced Threat Protection (ATP) product to "Microsoft Defender ATP" to reflect its newly added support for Mac clients.
Microsoft addressed 64 common vulnerabilities and exposures (CVEs) in its March security patch bundle, released this week on "update Tuesday."
Azure Firewall, Microsoft's firewall-as-a-service security offering for organizations using Azure virtual machines, is getting several improvements that tap the company's Threat Intelligence service.
The move toward passwordless Web authentications took another step this week, with the World Wide Web Consortium (W3C) announcing that it now considers the Web Authentication (WebAuthn) specification to be an official standard.
Windows Defender ATP for Windows 7 and Windows 8.1 is now generally available, Microsoft announced last week, after being in preview since last spring.
Microsoft recently described its timeline for phasing out Secure Hash Algorithm-1 (SHA-1) in supported Windows systems, and for upgrading to SHA-2.
A Microsoft Tech Community post is urging organizations to use caution when using Microsoft's tools to manage Windows updates.
An updated guide for managing speculative execution side-channel attacks was issued recently by the U.S. National Security Agency (NSA).
A pair of Cisco small business router products are susceptible to information disclosure attacks, the networking giant acknowledged last week.
Exchange Server versions from Exchange Server 2013 and newer have a vulnerability that could permit the impersonation of any user, leading to "control of an affected system," according to researchers from the U.S. Computer Emergency Readiness Team (UC-CERT).
Microsoft is previewing a new "one-time passcodes" feature in its Azure Active Directory Business to Business (B2B) service.
Several reports are pointing the finger at Microsoft's most recent "update Tuesday" security patches for multiple Windows 7 problems.
Microsoft released a relatively light batch of security fixes for January's "update Tuesday," though they affect everything from Windows to Microsoft's browsers to the .NET Framework.
Microsoft this month enabled the ability to use session ID information in Exchange Online audit logs, giving IT pros another tool to better detect attacks.