Security Resources

Tools

---

Microsoft Baseline Security Analyzer (MBSA)
https://www.microsoft.com/mbsa
Use this tool to identify common security misconfigurations and missing security updates. MBSA runs on the Windows Server™ 2003, Windows® 2000, and Windows XP operating systems and will scan for vulnerabilities in multiple products and technologies, including Microsoft Internet Information Services (IIS) and SQL Server™.
 
Software Update Services (SUS) / Windows Update Services (WUS)
https://www.microsoft.com/wus
Quickly and reliably deploy the latest security updates, and service packs with Software Update Services. This new site now has the latest info on WUS.

Windows Update
https://windowsupdate.microsoft.com/
Scans your computer and provides a selection of updates tailored for your operating system, software, and hardware.

Microsoft Office Product Updates
https://office.microsoft.com/productupdates/
Scans and updates Microsoft Office products.

IIS Web Server Lockdown Wizard
https://www.microsoft.com/technet/security/tools/locktool.mspx
Reduces the attack surface of Internet Information Services (IIS) and includes URLScan to provide multiple layers of protection against attackers.
 
UrlScan Security Tool
https://www.microsoft.com/technet/security/tools/urlscan.mspx
Helps prevent potentially harmful HTTP requests from reaching IIS Web servers.

Removal Tools:
Mydoom, Zindos and Doomjuice worms: https://support.microsoft.com/?kbid=836528

Blaster Removal Tool for Windows XP and 2000:
https://www.microsoft.com/downloads/details.aspx?familyid=e70a0d8b-fe98-493f-ad76-bf673a38b4cf&displaylang=en

Sasser (A-F) Worm Removal Tool:
https://support.microsoft.com/?kbid=841720

Other Tools:
https://www.microsoft.com/technet/security/tools/default.mspx

Security Risk Self-Assessment for Midsize Organizations https://www.securityguidance.com
for organizations with fewer than 1,000 employees

Updating

---

Understanding Update Management: Microsoft’s Software Update Strategy
https://www.microsoft.com/technet/security/topics/patch/patchmanagement.mspx
Updated white paper talks about the need for strong update management process.

Other Update Management info in the TechNet Topics Page
https://www.microsoft.com/technet/security/topics/patch/default.mspx

Isolation and Resiliency

---

Listing of resources for the IT Pro to evaluate and deploy XP SP2
https://www.microsoft.com/technet/winxpsp2

Network Access Protection
https://www.microsoft.com/nap

New Internet Security and Acceleration (ISA) Server 2004 whitepapers updated
https://www.microsoft.com/isaserver/evaluation/whitepapers/default.asp
Read about secure remote Outlook access in the Unique Protection for Microsoft Exchange Server whitepaper, a very viable business scenario with ISA Server

Engineering Excellence

---

Trustworthy Computing: Security
https://www.microsoft.com/mscorp/twc/security/default.mspx

Whitepapers on Security Enhancements:
Describes the Trustworthy Computing initiative as applied to the Windows Server, Office 2003 and Exchange Server 2003 development processes respectively.
Windows Server 2003:
https://www.microsoft.com/windowsserver2003/techinfo/overview/secinnovation.mspx
Office 2003:
https://www.microsoft.com/technet/prodtechnol/office/office2003/deploy/secdesn.mspx
Exchange Server 2003:
https://www.microsoft.com/exchange/evaluation/Security_e2k3.asp

Get the Facts on Windows and Linux
https://www.microsoft.com/getthefacts

Guidance and Training

---

Security Guidance Centers on Microsoft.com
Worldwide: https://www.microsoft.com/security/guidance/worldwide/default.mspx
US: https://www.microsoft.com/security/guidance
Prescriptive guidance to help provide defence-in-depth security.

E-Learning Security Training
https://www.microsoftelearning.com/security/
E-Learning self-paced clinics - 4 Developer and 8 ITPro modules.
Now available in French, German, Spanish and Japanese

Security Guidance Kit CD (now shipping in US and Canada)
https://www.microsoft.com/security/guidance/order/default.mspx
CD-ROM with tools, templates, and how-to guides

Microsoft IT Security Showcase
https://www.microsoft.com/technet/itsolutions/msit/default.mspx
An insider view into Microsoft's process of deploying, and managing its own enterprise solutions.

Security Newsletter
https://www.microsoft.com/technet/security/secnews/default.mspx
Register for our free monthly e-mail newsletter that's packed with security news, guidance, updates, and community resources to help you protect your network.

Security Program Guide: Events and Training Information
https://www.microsoft.com/seminar/events/security.mspx
Events, webcasts and training ivailable for both IT Professionals and Developers.

US Security Summit Keynote and Training Content
https://www.microsoft.com/seminar/securitysummit/presentations/default.mspx

Security Notifications via e-mail
https://www.microsoft.com/technet/security/bulletin/notify.mspx
Sign up today to get e-mail alerts when an important security bulletin or virus alert has been released.

Security Update RSS Feed
https://www.microsoft.com/technet/security/bulletin/secrss.aspx

Security Bulletin Search Page
https://www.microsoft.com/technet/security/current.aspx
Search on product, technology or KB article

Security Bulletin Webcast
https://www.microsoft.com/technet/security/bulletin/summary.mspx
Join Microsoft experts on the day after bulletin announcements to get the latest information and have the opportunity to ask questions.

How to Tell If a Microsoft Security-Related Message Is Genuine
https://www.microsoft.com/security/antivirus/authenticate_mail.asp

Writing Secure Code, 2nd edition
https://www.microsoft.com/mspress/books/5957.asp
Best practices for writing secure code and stopping malicious hackers.

Building and Configuring More Secure Web Sites
https://msdn.microsoft.com/library/en-us/dnnetsec/html/openhack.asp
Best Practices used at OpenHack.

Recent Security Guidance Center additions:
Windows XP Guide, includes SP2
https://www.microsoft.com/technet/security/prodtech/winclnt/secwinxp/default.mspx
New Windows NT 4.0 and Windows 98 Threat Mitigation Guide
https://go.microsoft.com/fwlink/?linkid=32048
Microsoft Identity and Access Management Series
https://go.microsoft.com/fwlink/?LinkId=14841
Antivirus Defense-in-Depth
https://www.microsoft.com/technet/security/guidance/avdind_0.mspx
Securing Wireless LANs with PEAP and Passwords
https://www.microsoft.com/technet/security/guidance/peap_0.mspx

Small Business Guidance:
https://www.microsoft.com/smallbusiness/gtm/securityguidance/hub.mspx
Guidance specifically for the smaller business

Configuring Windows XP 802.11 Wireless Networks for the Home / Small Business
https://www.microsoft.com/technet/prodtechnol/winxppro/maintain/wifisoho.mspx

Consumer Information:
https://www.microsoft.com/security/protect
https://www.microsoft.com/athome/security/default.mspx
Security “At Home” Site

Newsletter for home users
https://www.microsoft.com/security/home/secnews/current.asp

Security bulletin notifications for home users
https://register.microsoft.com/subscription/subscribeme.asp?id=166