As the Internet has grown in popularity so too have threats against computer users; making it critical for individuals and companies to employ effective security strategies to protect their critical information. Microsoft created the Microsoft Security Response Centre (MSRC) to investigate, fix and learn about security vulnerabilities and to help keep customers protected from malicious attacks. The MSRC is comprised of individuals, teams and entire groups around Microsoft; all dedicated to analysing, developing and delivering quality security updates, tools and prescriptive guidance to customers to help protect customers from security threats.

The last 12 months have been a particularly busy time for the MSRC, and, upon reflection, there are two activities that stand out to me. These were the releases of two major operating system service packs: Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1.


Windows XP SP2 was released in August 2004, and we are very pleased with the results so far. One of the key goals around this release was to get enhanced security features for Windows XP into the hands of consumers and enterprises, and so far more than 218 million copies have been distributed worldwide. This was an important security milestone for us. Many people put a lot of effort into this service pack and features like the firewall being on by default and the hardening changes made to Internet Explorer are already paying off and helping customers become more secure.

In Service Pack 1 for Windows Server 2003, the great features and security enhancements I mention above for Windows XP SP2 were also incorporated into this product, along with many other changes. We're particularly excited about the Security Configuration Wizard feature, which reduces the attack surface by querying users about the role their servers fill and then stopping all services and blocking ports that are not needed.