Security Resources


Microsoft Baseline Security Analyzer (MBSA)
Use this tool to identify common security misconfigurations and missing security updates. MBSA runs on the Windows Server™ 2003, Windows® 2000, and Windows XP operating systems and will scan for vulnerabilities in multiple products and technologies, including Microsoft Internet Information Services (IIS) and SQL Server™.
Software Update Services (SUS) / Windows Update Services (WUS)
Quickly and reliably deploy the latest security updates, and service packs with Software Update Services. This new site now has the latest info on WUS.

Windows Update
Scans your computer and provides a selection of updates tailored for your operating system, software, and hardware.

Microsoft Office Product Updates
Scans and updates Microsoft Office products.

IIS Web Server Lockdown Wizard
Reduces the attack surface of Internet Information Services (IIS) and includes URLScan to provide multiple layers of protection against attackers.
UrlScan Security Tool
Helps prevent potentially harmful HTTP requests from reaching IIS Web servers.

Removal Tools:
Mydoom, Zindos and Doomjuice worms:

Blaster Removal Tool for Windows XP and 2000:

Sasser (A-F) Worm Removal Tool:

Other Tools:

Security Risk Self-Assessment for Midsize Organizations
for organizations with fewer than 1,000 employees


Understanding Update Management: Microsoft’s Software Update Strategy
Updated white paper talks about the need for strong update management process.

Other Update Management info in the TechNet Topics Page

Isolation and Resiliency

Listing of resources for the IT Pro to evaluate and deploy XP SP2

Network Access Protection

New  Internet Security and Acceleration (ISA) Server 2004 whitepapers updated
Read about secure remote Outlook access in the Unique Protection for Microsoft Exchange Server whitepaper, a very viable business scenario with ISA Server

Engineering Excellence

Trustworthy Computing: Security

Whitepapers on Security Enhancements:
Describes the Trustworthy Computing initiative as applied to the Windows Server, Office 2003 and Exchange Server 2003 development processes respectively.
Windows Server 2003:
Office 2003:
Exchange Server 2003:

Get the Facts on Windows and Linux

Guidance and Training

Security Guidance Centers on
Prescriptive guidance to help provide defence-in-depth security.

E-Learning Security Training
E-Learning self-paced clinics - 4 Developer and 8 ITPro modules.
Now available in French, German, Spanish and Japanese

Security Guidance Kit CD (now shipping in US and Canada)
CD-ROM with tools, templates, and how-to guides

Microsoft IT Security Showcase
An insider view into Microsoft's process of deploying, and managing its own enterprise solutions.

Security Newsletter
Register for our free monthly e-mail newsletter that's packed with security news, guidance, updates, and community resources to help you protect your network.

Security Program Guide: Events and Training Information
Events, webcasts and training ivailable for both IT Professionals and Developers.

US Security Summit Keynote and Training Content

Security Notifications via e-mail
Sign up today to get e-mail alerts when an important security bulletin or virus alert has been released.

Security Update RSS Feed

Security Bulletin Search Page
Search on product, technology or KB article

Security Bulletin Webcast
Join Microsoft experts on the day after bulletin announcements to get the latest information and have the opportunity to ask questions.

How to Tell If a Microsoft Security-Related Message Is Genuine

Writing Secure Code, 2nd edition
Best practices for writing secure code and stopping malicious hackers.

Building and Configuring More Secure Web Sites
Best Practices used at OpenHack.

Recent Security Guidance Center additions:
Windows XP Guide, includes SP2
New  Windows NT 4.0 and Windows 98 Threat Mitigation Guide
Microsoft Identity and Access Management Series
Antivirus Defense-in-Depth
Securing Wireless LANs with PEAP and Passwords

Small Business Guidance:
Guidance specifically for the smaller business

Configuring Windows XP 802.11 Wireless Networks for the Home / Small Business

Consumer Information:
Security “At Home” Site

Newsletter for home users

Security bulletin notifications for home users

Skip to main content