Redmond's enterprise IM product left beta this week, but full-fledged interoperability with AOL and Yahoo hasn't yet arrived.

The SANS Institute released its annual list of the top 20 Internet security vulnerabilities, pinpointing Web servers and services (Windows) and BIND (Unix) as containing the most dangerous security holes.

Apple Wednesday released patches for more than a dozen flaws in the Jaguar and Panther versions of the Mac operating system.

Apple Computer Tuesday rolled out a major security update to fix several vulnerabilities in its flagship Mac OS X Panther client platform.

Microsoft Tuesday warned of a moderately critical vulnerability that puts users at risk for cross-site scripting and spoofing attacks.

Exploit code for a known security flaw in Windows 2000 has been posted online, putting millions of users at risk of a PC hijack. MS04-019 and MS04-022 security patches are available to fix the problem.

A bug in the open source server puts some users at risk for arbitrary code execution.

Earlier this week, a pair of security flaws were found in the Internet Systems Consortium's implementation of the DHCP that could leave users at risk for denial-of-service or code execution attacks.

Apple Tuesday rolled out a patch to protect Mac OS X users from several vulnerabilities that left them at risk for system hijack, security bypass, DoS attacks, and other threats.

Macromedia Monday rolled out a patch to fix a denial-of-service vulnerability found in its ColdFusion MX 6.1 product suite.

Macromedia has released a series of patches to plug security holes in its flagship Macromedia MX 2004 products.

A security flaw in the Linux kernel carries a 'critical' rating and could be exploited to give an attacker full super-user privileges.

HP issued a security patch Friday to plug 'highly critical' holes in its HP Tru64 Unix operating system. It warned that a successful exploit could lead to system takeover.

Oracle issued a fix for multiple vulnerabilities in its database server software.

Sun Microsystems earlier this week warned of a buffer overflow vulnerability in its Sun ONE/iPlanet Web Server product.

The Apache Foundation has started development of an open source, Apache-licensed implementation of the J2EE specification.

An exploit for the security vulnerability is already publicly available, increasing the urgency for the application of the patch.

At a time when sysadmins are being scolded for not patching their systems, Microsoft pulls a security patch for NT 4.0 systems, admitting it introduces an error that may cause systems to crash.

CERT issued an advisory late Monday warning that in severe cases remote attackers could execute arbitrary code with the privileges of the Secure Shell process.

CERT Thursday warned of a remotely exploitable security hole in Sun Microsystems' Cobalt RaQ 4 server appliances. Exploitation of this hole could lead to code execution with superuser privileges.

Sun Wednesday confirmed the security flaw in its X Window Font System and offered a workaround until a comprehensive patch can be issued.

The Apache HTTP Server Project warned Thursday that several security holes in the Apache source code are being actively exploited on the Internet. It is urging IT managers to urgently upgrade to version 1.3.27 or 2.0.43 or higher.

Internet Security Systems issued a security alert Tuesday warning of serious security flaws found in versions 4 and 8 of BIND that affect nearly all currently deployed recursive DNS servers on the Internet. IIS recommends immediately upgrading to BIND version 9.2.1.

Security consulting firm @stake Tuesday discovered a vulnerability in the Oracle9i Application Server that could lead to denial of service scenarios.

IBM lifted the wraps off of version 1.2 of its WebSphere Telecom Application Server software, which lets telecommunications service providers create and deliver tools.