12 Months of Progress for the Microsoft Security Response Centre
by Stephen Toulouse - Security Program Manager of the Microsoft Security Response Centre (MSRC) - Tuesday, 25 October 2005.
Customers have told us that they want more prescriptive and timely guidance on security issues and Microsoft has responded to that feedback by continuously improving the security communications we deliver to customers. This spring, we announced a pilot of a new offering, Microsoft Security Advisories, which aim to provide guidance and information about security related software changes or software updates. Microsoft Security Advisories, a supplement to the Microsoft Security Bulletins, address security changes that may not require a security bulletin but that may still impact customers' overall security.

In addition to the Microsoft Security Advisories, Microsoft has recently made available the Advanced Notification Program to help IT professionals plan their resources appropriately for deploying security updates. Three business days before the bulletins are released, general information is provided about the maximum number and severity of the bulletins. We've also enabled a Security Notification Service to alert customers to new bulletins and advisories as well as an RSS feed and MSN Messenger Alerts for security bulletins.

The MSRC also hosts monthly technical webcasts to offer customers additional support and guidance when deploying security updates and a regular Security360 webcasts to make prescriptive security guidance, education and training available to customers.

One of my favorite new things we've launched this year is the MSRC blog which provides insight directly from those working in the MSRC on recent security related news, announcements, activities and threat issues. This is a great way to get to know those folks that are working behind the scenes night and day to help protect customers. You can read all about at blogs.technet.com/msrc/default.aspx.

Another new tool released this year is the Malicious Software Removal Tool. This tool is updated each month to remove the most common malware threats that may be present on a user's machine. To be clear, this tool is not meant to be a substitute for good anti-virus software. However, it can help customers get back on their feet if they have been affected by any of the threats the tool is designed to remove. We have had a good response to this so far and look forward to continuing to update it each month to help customers.

In addition, Microsoft has come to offer customers a consistent and integrated set of new technologies that reduce the complexity and help customers better manage the update process for Microsoft software. In June we announced the immediate availability of Windows Server Update Services (WSUS) and Microsoft Update (MU). WSUS is the update management component of Windows Server that enables mid-sized and enterprise companies to more easily assess, control and automate the deployment of Microsoft software updates. MU is a new service offered at no charge that gives customers everything they get through Windows Update (WU), plus high priority updates for more recent versions of Office and other Microsoft applications. It's a one-stop destination for updates that help make your computer more secure, up-to-date, and performing at its best.

Only recently in July, we released the Microsoft Baseline Security Analyzer (MBSA) 2.0 which helps improve the security management process by detecting common security misconfigurations and missing security updates on your computer systems. We also released the SMS 2003 Inventory Tool (SMS). This tool enables the detection and deployment of the latest security updates, update rollups and service packs from Microsoft; improved patch management through a more comprehensive and more widely-supported detection technology; broader detection support for more Microsoft products; and consistent product support across multiple detection technologies including parity with Automatic Updates.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Feb 8th