Security Resources
Tools
Microsoft Baseline Security Analyzer (MBSA)
https://www.microsoft.com/mbsa
Use this tool to identify common security misconfigurations and missing security updates. MBSA runs on the Windows Server™ 2003, Windows® 2000, and Windows XP operating systems and will scan for vulnerabilities in multiple products and technologies, including Microsoft Internet Information Services (IIS) and SQL Server™.
Software Update Services (SUS) / Windows Update Services (WUS)
https://www.microsoft.com/wus
Quickly and reliably deploy the latest security updates, and service packs with Software Update Services. This new site now has the latest info on WUS.
Windows Update
https://windowsupdate.microsoft.com/
Scans your computer and provides a selection of updates tailored for your operating system, software, and hardware.
Microsoft Office Product Updates
https://office.microsoft.com/productupdates/
Scans and updates Microsoft Office products.
IIS Web Server Lockdown Wizard
https://www.microsoft.com/technet/security/tools/locktool.mspx
Reduces the attack surface of Internet Information Services (IIS) and includes URLScan to provide multiple layers of protection against attackers.
UrlScan Security Tool
https://www.microsoft.com/technet/security/tools/urlscan.mspx
Helps prevent potentially harmful HTTP requests from reaching IIS Web servers.
Removal Tools:
Mydoom, Zindos and Doomjuice worms: https://support.microsoft.com/?kbid=836528
Blaster Removal Tool for Windows XP and 2000:
https://www.microsoft.com/downloads/details.aspx?familyid=e70a0d8b-fe98-493f-ad76-bf673a38b4cf&displaylang=en
Sasser (A-F) Worm Removal Tool:
https://support.microsoft.com/?kbid=841720
Other Tools:
https://www.microsoft.com/technet/security/tools/default.mspx
Security Risk Self-Assessment for Midsize Organizations https://www.securityguidance.com
for organizations with fewer than 1,000 employees
Updating
Understanding Update Management: Microsoft’s Software Update Strategy
https://www.microsoft.com/technet/security/topics/patch/patchmanagement.mspx
Updated white paper talks about the need for strong update management process.
Other Update Management info in the TechNet Topics Page
https://www.microsoft.com/technet/security/topics/patch/default.mspx
Isolation and Resiliency
Listing of resources for the IT Pro to evaluate and deploy XP SP2
https://www.microsoft.com/technet/winxpsp2
Network Access Protection
https://www.microsoft.com/nap
New Internet Security and Acceleration (ISA) Server 2004 whitepapers updated
https://www.microsoft.com/isaserver/evaluation/whitepapers/default.asp
Read about secure remote Outlook access in the Unique Protection for Microsoft Exchange Server whitepaper, a very viable business scenario with ISA Server
Engineering Excellence
Trustworthy Computing: Security
https://www.microsoft.com/mscorp/twc/security/default.mspx
Whitepapers on Security Enhancements:
Describes the Trustworthy Computing initiative as applied to the Windows Server, Office 2003 and Exchange Server 2003 development processes respectively.
Windows Server 2003:
https://www.microsoft.com/windowsserver2003/techinfo/overview/secinnovation.mspx
Office 2003:
https://www.microsoft.com/technet/prodtechnol/office/office2003/deploy/secdesn.mspx
Exchange Server 2003:
https://www.microsoft.com/exchange/evaluation/Security_e2k3.asp
Get the Facts on Windows and Linux
https://www.microsoft.com/getthefacts
Guidance and Training
Security Guidance Centers on Microsoft.com
Worldwide: https://www.microsoft.com/security/guidance/worldwide/default.mspx
US: https://www.microsoft.com/security/guidance
Prescriptive guidance to help provide defence-in-depth security.
E-Learning Security Training
https://www.microsoftelearning.com/security/
E-Learning self-paced clinics - 4 Developer and 8 ITPro modules.
Now available in French, German, Spanish and Japanese
Security Guidance Kit CD (now shipping in US and Canada)
https://www.microsoft.com/security/guidance/order/default.mspx
CD-ROM with tools, templates, and how-to guides
Microsoft IT Security Showcase
https://www.microsoft.com/technet/itsolutions/msit/default.mspx
An insider view into Microsoft's process of deploying, and managing its own enterprise solutions.
Security Newsletter
https://www.microsoft.com/technet/security/secnews/default.mspx
Register for our free monthly e-mail newsletter that's packed with security news, guidance, updates, and community resources to help you protect your network.
Security Program Guide: Events and Training Information
https://www.microsoft.com/seminar/events/security.mspx
Events, webcasts and training ivailable for both IT Professionals and Developers.
US Security Summit Keynote and Training Content
https://www.microsoft.com/seminar/securitysummit/presentations/default.mspx
Security Notifications via e-mail
https://www.microsoft.com/technet/security/bulletin/notify.mspx
Sign up today to get e-mail alerts when an important security bulletin or virus alert has been released.
Security Update RSS Feed
https://www.microsoft.com/technet/security/bulletin/secrss.aspx
Security Bulletin Search Page
https://www.microsoft.com/technet/security/current.aspx
Search on product, technology or KB article
Security Bulletin Webcast
https://www.microsoft.com/technet/security/bulletin/summary.mspx
Join Microsoft experts on the day after bulletin announcements to get the latest information and have the opportunity to ask questions.
How to Tell If a Microsoft Security-Related Message Is Genuine
https://www.microsoft.com/security/antivirus/authenticate_mail.asp
Writing Secure Code, 2nd edition
https://www.microsoft.com/mspress/books/5957.asp
Best practices for writing secure code and stopping malicious hackers.
Building and Configuring More Secure Web Sites
https://msdn.microsoft.com/library/en-us/dnnetsec/html/openhack.asp
Best Practices used at OpenHack.
Recent Security Guidance Center additions:
Windows XP Guide, includes SP2
https://www.microsoft.com/technet/security/prodtech/winclnt/secwinxp/default.mspx
New Windows NT 4.0 and Windows 98 Threat Mitigation Guide
https://go.microsoft.com/fwlink/?linkid=32048
Microsoft Identity and Access Management Series
https://go.microsoft.com/fwlink/?LinkId=14841
Antivirus Defense-in-Depth
https://www.microsoft.com/technet/security/guidance/avdind_0.mspx
Securing Wireless LANs with PEAP and Passwords
https://www.microsoft.com/technet/security/guidance/peap_0.mspx
Small Business Guidance:
https://www.microsoft.com/smallbusiness/gtm/securityguidance/hub.mspx
Guidance specifically for the smaller business
Configuring Windows XP 802.11 Wireless Networks for the Home / Small Business
https://www.microsoft.com/technet/prodtechnol/winxppro/maintain/wifisoho.mspx
Consumer Information:
https://www.microsoft.com/security/protect
https://www.microsoft.com/athome/security/default.mspx
Security “At Home” Site
Newsletter for home users
https://www.microsoft.com/security/home/secnews/current.asp
Security bulletin notifications for home users
https://register.microsoft.com/subscription/subscribeme.asp?id=166