*
Microsoft.com Home|Site Map
Microsoft*
Search Microsoft.com for:
Security 

Microsoft Security Response Center

Published: May 6, 2005 | Updated: May 27, 2005
**
View Media

Inside the MSRC

Media icon300K
Get Windows Media Player
**

The Microsoft Security Response Center (MSRC) is a world-class resource for managing and resolving security vulnerabilities and security incidents. Individuals, teams, and entire groups around Microsoft make up the MSRC, which uses state-of-the-art technologies and processes to analyze, develop, and deliver quality security updates, tools, and prescriptive guidance to help customers minimize risk from security vulnerabilities and security incidents.

On This Page
Managing Security VulnerabilitiesManaging Security Vulnerabilities
Responding to Security IncidentsResponding to Security Incidents
Information, Guidance, and Tools for YouInformation, Guidance, and Tools for You

Managing Security Vulnerabilities

What happens before, during, and after a security update release.

The MSRC is focused on providing customers with top-quality security updates. Through our enhanced, simplified monthly release process, we provide advanced resources and extensive guidance, which allows customers to more easily manage their systems effectively and predictably.

Vulnerability Monitoring

The MSRC is constantly on alert for potential security issues by monitoring security newsgroups and e-mail sent to secure@microsoft.com. We encourage security researchers to report security vulnerabilities responsibly and directly to us, and we collaborate with industry partners in identifying threats and finding solutions.

The MSRC has been at the forefront of numerous improvements Microsoft has made to the security update process, including:

A predictable release schedule.

We routinely release security updates on the second Tuesday of each month. An unscheduled release is possible anytime if customers are at immediate risk from a malicious attack.

Our Software Update Validation Program helps ensure the quality of releases.

Our advanced notifications provide information about security updates three business days before release.

Advanced resources, tools and guidance.

We produce a monthly webcast about the new security bulletins.

Our RSS feeds deliver security update information directly to customers' computers or mobile devices.

Our Microsoft Windows Malicious Software Removal Tool helps customers remove damaging or intrusive software to maintain a safer computing environment.

We provide enhanced guidance in security bulletins, including mitigation steps for security vulnerabilities, as well as information on update distribution and deployment.

What Happens Before a Release

After we receive a report of a security vulnerability, we begin the following processes:

Triage. We assess and prioritize all reports to identify the possible impact on customers.

Development and test. Together with the corresponding software development team, we investigate the impact of the security issue and develop a correction. The resulting code is rigorously and extensively tested for quality and compatibility.

Guidance. We prepare a security bulletin, which includes a description of the vulnerabilities being addressed, mitigation steps, and answers to frequently asked questions.

What Happens During a Release

Microsoft security updates are routinely released on the second Tuesday of each month and made available for download through Windows Update, Automatic Updates, and the Microsoft Download Center. Microsoft also offers enterprise customers free tools to assist in the detection and deployment of security updates, including:

Microsoft Baseline Security Analyzer (MBSA).

Enterprise Scanning Tool (EST).

Software Update Services (SUS).

In addition, the MSRC sends notices to customers and partners and posts information to security newsgroups.

What Happens After a Release

Along with ongoing bulletin maintenance, the MSRC provides:

A monthly Security Bulletin webcast, broadcast at 11 a.m. PT on the morning after the monthly release. This series provides customers with prescriptive security guidance and gives them the opportunity to ask specific questions about deploying the new updates.

Monitoring the download and installation rate of updates through Windows Update and the Download Center, and tracking customer concerns through Product Support Services.

Responding to Security Incidents

What happens before, during, and after a security incident.

In addition to managing security vulnerabilities, the MSRC also leads an unparalleled worldwide response process to investigate and analyze security incidents. We mobilize teams across the company and around the world to keep on top of security threats and to provide information, guidance, mitigations, and tools when a security incident threatens customers.

Notify and Mobilize Resources

When a security incident arises, the MSRC convenes to evaluate the severity of the situation and mobilizes Microsoft resources worldwide to gain a thorough understanding of the situation. The security and support personnel we mobilize fall into two main groups: the Emergency Engineering Team and the Emergency Communications Team.

Assess and Stabilize the Situation

Under the direction and leadership of the MSRC, the engineering and communications teams asses the situation and review the technical information available, and then begin working on a solution. The teams provide authoritative guidance internally, to Microsoft field sales and support, and externally, to customers, partners, and the media. This initial guidance evolves and expands as new information becomes available, and may include mitigation steps that customers can take to help protect their computers.

Resolve and Review Learnings

The MSRC provides information and tools as quickly as possible to help customers restore normal operations. Once a solution is ready for customers, such as a security update or tool, we communicate this information publicly through Microsoft.com Web sites, Microsoft Sales and Product Support Services, and leading industry partners. After an incident is resolved, we lead an internal review of the entire response effort to reinforce things that went well and to improve that we need to do better.

Information, Guidance, and Tools for You

We at the MSRC are committed to limiting the effect of potential security issues. Every computer user can help in this effort by following safe computing practices, staying informed about the latest issues, and keeping their software up to date.

Stay Informed

Keep current with new security updates.

Sign up to receive security update Alerts in e-mail, MSN Messenger, Windows Messenger, or on a mobile device such as your phone or PDA.

Use RSS feeds to stay informed about the latest security bulletins and widely released high-priority security updates.

Receive advance notification and information about upcoming bulletin releases.

Use Security Bulletin search to find a particular bulletin.

Visit the Microsoft Security Web site for the latest information on a security incident.

Watch the monthly Security Bulletin webcast.

Read the MSRC Blog for up-to-date information.

Update Your Software

Download and deploy security updates from the Windows Update Web site or the Microsoft Download Center.

Practice Safe Computing

Take steps to Protect Your PC.

Find guidance to help protect your computer at home.

Find guidance to help protect your computer at work.



© 2005 Microsoft Corporation. All rights reserved. Terms of Use |Trademarks |Privacy Statement