Microsoft Baseline Security Analyzer (MBSA)
Use this tool to identify common security misconfigurations and missing security updates. MBSA runs on the Windows Server™ 2003, Windows® 2000, and Windows XP operating systems and will scan for vulnerabilities in multiple products and technologies, including Microsoft Internet Information Services (IIS) and SQL Server™.
Software Update Services (SUS) / Windows Update Services (WUS)
Quickly and reliably deploy the latest security updates, and service packs with Software Update Services. This new site now has the latest info on WUS.
Scans your computer and provides a selection of updates tailored for your operating system, software, and hardware.
Microsoft Office Product Updates
Scans and updates Microsoft Office products.
IIS Web Server Lockdown Wizard
Reduces the attack surface of Internet Information Services (IIS) and includes URLScan to provide multiple layers of protection against attackers.
UrlScan Security Tool
Helps prevent potentially harmful HTTP requests from reaching IIS Web servers.
Mydoom, Zindos and Doomjuice worms: http://support.microsoft.com/?kbid=836528
Blaster Removal Tool for Windows XP and 2000:
Sasser (A-F) Worm Removal Tool:
Security Risk Self-Assessment for Midsize Organizations http://www.securityguidance.com
for organizations with fewer than 1,000 employees
Understanding Update Management: Microsoft’s Software Update Strategy
Updated white paper talks about the need for strong update management process.
Other Update Management info in the TechNet Topics Page
Isolation and Resiliency
Listing of resources for the IT Pro to evaluate and deploy XP SP2
Network Access Protection
New Internet Security and Acceleration (ISA) Server 2004 whitepapers updated
Read about secure remote Outlook access in the Unique Protection for Microsoft Exchange Server whitepaper, a very viable business scenario with ISA Server
Trustworthy Computing: Security
Whitepapers on Security Enhancements:
Describes the Trustworthy Computing initiative as applied to the Windows Server, Office 2003 and Exchange Server 2003 development processes respectively.
Windows Server 2003:
Exchange Server 2003:
Get the Facts on Windows and Linux
Guidance and Training
Security Guidance Centers on Microsoft.com
Prescriptive guidance to help provide defence-in-depth security.
E-Learning Security Training
E-Learning self-paced clinics - 4 Developer and 8 ITPro modules.
Now available in French, German, Spanish and Japanese
Security Guidance Kit CD (now shipping in US and Canada)
CD-ROM with tools, templates, and how-to guides
Microsoft IT Security Showcase
An insider view into Microsoft's process of deploying, and managing its own enterprise solutions.
Register for our free monthly e-mail newsletter that's packed with security news, guidance, updates, and community resources to help you protect your network.
Security Program Guide: Events and Training Information
Events, webcasts and training ivailable for both IT Professionals and Developers.
US Security Summit Keynote and Training Content
Security Notifications via e-mail
Sign up today to get e-mail alerts when an important security bulletin or virus alert has been released.
Security Update RSS Feed
Security Bulletin Search Page
Search on product, technology or KB article
Security Bulletin Webcast
Join Microsoft experts on the day after bulletin announcements to get the latest information and have the opportunity to ask questions.
How to Tell If a Microsoft Security-Related Message Is Genuine
Writing Secure Code, 2nd edition
Best practices for writing secure code and stopping malicious hackers.
Building and Configuring More Secure Web Sites
Best Practices used at OpenHack.
Recent Security Guidance Center additions:
Windows XP Guide, includes SP2
New Windows NT 4.0 and Windows 98 Threat Mitigation Guide
Microsoft Identity and Access Management Series
Securing Wireless LANs with PEAP and Passwords
Small Business Guidance:
Guidance specifically for the smaller business
Configuring Windows XP 802.11 Wireless Networks for the Home / Small Business
Security “At Home” Site
Newsletter for home users
Security bulletin notifications for home users