| ||||||
Search Microsoft.com for: |
Microsoft Security Response CenterPublished: May 6, 2005 | Updated: May 27, 2005 The Microsoft Security Response Center (MSRC) is a world-class resource for managing and resolving security vulnerabilities and security incidents. Individuals, teams, and entire groups around Microsoft make up the MSRC, which uses state-of-the-art technologies and processes to analyze, develop, and deliver quality security updates, tools, and prescriptive guidance to help customers minimize risk from security vulnerabilities and security incidents. On This Page
Managing Security VulnerabilitiesThe MSRC is focused on providing customers with top-quality security updates. Through our enhanced, simplified monthly release process, we provide advanced resources and extensive guidance, which allows customers to more easily manage their systems effectively and predictably. Vulnerability MonitoringThe MSRC is constantly on alert for potential security issues by monitoring security newsgroups and e-mail sent to secure@microsoft.com. We encourage security researchers to report security vulnerabilities responsibly and directly to us, and we collaborate with industry partners in identifying threats and finding solutions. The MSRC has been at the forefront of numerous improvements Microsoft has made to the security update process, including:
What Happens Before a ReleaseAfter we receive a report of a security vulnerability, we begin the following processes:
What Happens During a ReleaseMicrosoft security updates are routinely released on the second Tuesday of each month and made available for download through Windows Update, Automatic Updates, and the Microsoft Download Center. Microsoft also offers enterprise customers free tools to assist in the detection and deployment of security updates, including:
In addition, the MSRC sends notices to customers and partners and posts information to security newsgroups. What Happens After a ReleaseAlong with ongoing bulletin maintenance, the MSRC provides:
Responding to Security IncidentsIn addition to managing security vulnerabilities, the MSRC also leads an unparalleled worldwide response process to investigate and analyze security incidents. We mobilize teams across the company and around the world to keep on top of security threats and to provide information, guidance, mitigations, and tools when a security incident threatens customers. Notify and Mobilize ResourcesWhen a security incident arises, the MSRC convenes to evaluate the severity of the situation and mobilizes Microsoft resources worldwide to gain a thorough understanding of the situation. The security and support personnel we mobilize fall into two main groups: the Emergency Engineering Team and the Emergency Communications Team. Assess and Stabilize the SituationUnder the direction and leadership of the MSRC, the engineering and communications teams asses the situation and review the technical information available, and then begin working on a solution. The teams provide authoritative guidance internally, to Microsoft field sales and support, and externally, to customers, partners, and the media. This initial guidance evolves and expands as new information becomes available, and may include mitigation steps that customers can take to help protect their computers. Resolve and Review LearningsThe MSRC provides information and tools as quickly as possible to help customers restore normal operations. Once a solution is ready for customers, such as a security update or tool, we communicate this information publicly through Microsoft.com Web sites, Microsoft Sales and Product Support Services, and leading industry partners. After an incident is resolved, we lead an internal review of the entire response effort to reinforce things that went well and to improve that we need to do better. Information, Guidance, and Tools for YouWe at the MSRC are committed to limiting the effect of potential security issues. Every computer user can help in this effort by following safe computing practices, staying informed about the latest issues, and keeping their software up to date. Stay Informed
Update Your Software
Practice Safe Computing
|