Security Headlines Archive
|Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.|
On This Page
Information About Security Vulnerability in Windows XP Help and SupportCenter (September 12, 2002)
Up to the minute information on security issues regarding the Windows XP Help and Support Center.
Microsoft has released Service Pack 1 for Windows XP (September 9, 2002)
Download Service Pack 1 (SP1) for important updates to the Windows XP Operating System, including fixes to operating system reliability, application compatibility, setup, and security issues.
Information about Reported Architectural Flaw in Windows (September, 2002)
Information about our findings and planned future steps.
Windows 2000 Service Pack 3 (August 2002)
Windows 2000 SP3 includes the updates contained in Windows 2000 Service Pack 1 (SP1), Windows 2000 Service Pack 2 (SP2) and Windows 2000 Security Rollup Package.
28 March 2002 Cumulative Patch for Internet Explorer (March 28, 2002)
A security patch is now available that addresses two newly discovered security vulnerabilities affecting Internet Explorer. This patch also incorporates all previous IE patches.
Behind the Scenes with the Secure Windows Initiative (March 26, 2002)
Get a behind the scenes look at Microsoft's Secure Windows Initiative and see how Microsoft is working every day to make software more secure.
.NET Framework Service Pack 1 now available! (March 20, 2002)
Service Pack 1 includes security and non-security fixes for .NET Framework, and introduces a new default setting that improves security when browsing the web.
FrontPage 2000 Server Extensions Service Release Now Available! (March 7, 2002)
FPSE 2000 Service Release 1.3 includes all previously released security fixes for FrontPage 2000 Server Extensions and forms the secure baseline for future FPSE 2000 security patches.
Window NT Server 4.0, Terminal Server Edition Security Rollup Package 1 (February 2002)
TSE SRP1 is a small, comprehensive rollup of post-SP6 fixes, and provides an easier mechanism for managing the rollout of security fixes.
Inaccurate Claims Regarding Visual C++ .NET Security Feature (February 15, 2002)
A recent report incorrectly claims that a security feature in Visual C++ .NET is flawed. In reality, there is no flaw and the feature works correctly.
Important Information about the "MSN Messenger Worm" (February 14, 2002)
Find out what you can do to protect yourself against the MSN Messenger worm.
RSA Data Security Conference Coming Soon (January 22, 2002)
The RSA Data Security Conference is the premier security event of the year. Don't miss it!
Information about the MyParty Virus (January 29, 2002)
W32.Myparty@mm is a mass-mailing e-mail worm virus / Trojan horse.
Information on the So-Called ".NET Virus" (January 11, 2002)
Find out the real story on the so-called ".NET Virus" from Microsoft's .NET Framework team and Product Support Services.
Office XP Service Pack 1 now available! (December 27, 2001)
Service Pack 1 includes all previously released security fixes for Office XP, and introduces a new feature that improves email security.
Improvements to the Microsoft Product Security Notification Service. (December 21, 2001)
If you're a subscriber to the Security Notification Service, you may have noticed some minor formatting changes in recent mailers. These are the result of a recent upgrade in the Service that should allow us to provide more reliable, timely service.
Patch for Windows XP, ME, 98, 98SE Plug and Play Service (December 20, 2001)
Microsoft strongly urges all Windows XP customers to apply the patch immediately. Customers using Windows 98, 98SE or ME should apply the patch if the Universal Plug and Play service is installed and running.
Microsoft Unveils Security Vulnerability Rating System (November 30, 2001)
To help customers assess the priority that should be given to various security patches, Microsoft has begun including a section in all security bulletins that rates the severity of the issue. Learn more about the rating system and how to use it most effectively.
BadTrans Worm Information (Nobember 29, 2001)
Learn details about the BadTrans Worm virus.
Security Tools Available Online (November 12, 2001)
If you don't want to wait for the Security ToolKit, Tools to secure your workstations and servers are available online!
VBS/Loveletter Virus (November 02, 2001)
The VBS/Loveletter virus has affected many customers. However, standard best practices will protect against this and other viruses.
Important new information about the "Nimda" Worm (September 21, 2001)
If you've installed IE 6 on a Windows 95, 98 or ME system, be sure that you're protected against the Nimda worm.
Information on "Nimda" Worm (September 18, 2001)
A new worm is affecting many customers. However, systems that are up to date on security patches are at little risk from it.
Information on Code Blue Worm (September 13, 2001)
A newly reported worm can be blocked by applying a patch released almost a year ago.
IIS Lockdown Tool Now Available! (September 13, 2001)
A new tool lets you instantly secure your IIS 4.0 or 5.0 web server.
URLScan Security Tool now available! (August 23, 2001)
A new tool lets web server administrators defend their servers by ensuring that they only respond to legitimate requests.
Improved Outlook E-mail Security Update available! (August 20, 2001)
A new version of the Outlook E-mail Security Update is available that provides protection against additional types of e-mail-based attacks.
Important New Security Tool for Network Administrators! (August 15, 2001)
HFNetChk lets administrators scan their servers -- including remote ones -- to ensure that that they are up to date on all security patches for Windows NT 4.0, Windows 2000, IIS 4.0, IIS 5.0, IE and SQL Server.
Microsoft Personal Security Advisor now available! (August 15, 2001)
A new tool is available that lets you ensure that your workstation is up to date on all security patches and configured for secure operation.
Microsoft Declares War on Hostile Code! (August 15, 2001)
If you were at the just-completed RSA Conference, you know the biggest news was Microsoft's declaration of war on hostile code. If you weren't there, find out what you missed.
Windows NT 4.0 Service Pack 6a (August 14, 2001)
Provides the latest updates to Microsoft Windows NT Workstation 4.0 and Windows NT Server 4.0 (including Enterprise Edition).
Important Information Regarding IIS 4.0 and the Code Red worm (August 13, 2001)
A newly discovered vulnerability could cause IIS 4.0 servers to fail when under attack by the Code Red worm. Learn how to protect your systems.
Tool available for Code Red II Worm (August 13, 2001)
Microsoft has developed a tool that eliminates the obvious effects of the Code Red II worm.
Microsoft Root Certificate Program (August 8, 2001)
Learn about the details and requirements for the Microsoft Root Certificate program, and protect yourself from security issues related to the use of public key infrastructure (PKI) certificates.
New Variant of the Code Red worm (August 8, 2001)
A new version of the Code Red worm has been found on the Internet. Although its effects are more serious than those of the original variant, systems that have been patched aren't vulnerable to either variant.
Protect yourself from the Code Red worm (July 30, 2001)
The Code Red worm and mutations of the worm pose a continued and serious threat to Internet users. If you are running an IIS web server, read how to protect yourself and the Internet.
Information on Bogus Microsoft Security Bulletin (July 12, 2001)
Microsoft has learned that a malicious user is circulating an e-mail that purports to be a Microsoft Security Bulletin but directs users to a piece of hostile code.
New Security Tool Available (July 10, 2001)
A new tool provides a way to make deleted data on your Windows 2000 system's hard drive unrecoverable, even by someone with physical access to your system.
Hostile Code, not the Windows XP Sockets Implementation, is the Real Security Threat (June 26, 2001)
A security researcher's claims regarding the security of Windows XP completely miss the point. Microsoft is focused on the real security threat, and is taking steps to combat it.
Inaccurate Story About IIS Security (June 2, 2001)
A year-old set of allegations about IIS security has been resurrected. Not only are the allegations old, they were never accurate to begin with.
Microsoft Security Partner Program (May 3, 2001)
Microsoft has established a community of companies providing IT security consulting services. The program has 40 partners in 16 countries and has been designed to provide Microsoft's customers with a directory of resources to better deal with security concerns.
Information About Virus-Infected Hotfixes (April 27, 2001)
Microsoft recently discovered that several hotfixes released within the past two weeks contained a virus. None of these patches were available to the general public, and no security patches were infected.
Inaccurate Crypto-Gram Article on VeriSign Certificates (April 15, 2001)
The most recent edition of the Crypto-Gram newsletter makes a number of inaccurate statements regarding the fradulent certificates issued by VeriSign, and Microsoft's handling of the situation.
Facts Regarding the 29 March 2001 IE Security Patch (April 05, 2001)
A recent series of articles published in Wired Online claims to have discovered a series of flaws in the patch Microsoft delivered on March 29, 2001. However, these reports are inaccurate.
Where to Find Microsoft Security Patches (March 6, 2001)
Do you need localized security patches? Or patches that can be installed automatically? Or ones that are customized for easy deployment in a large network? If you know about the various types of patches Microsoft produces and where to find them, you'll be able to keep your systems up to date more effectively.
Receive a Security Patch in the mail? Don't Install it! (February 12, 2001)
Several e-mails are being circulated, purporting to be Microsoft Security Bulletins and containing attachments that are claimed to be security patches. Microsoft never sends software via e-mail. If you have received such an e-mail, don't run the attachment.
Information on "E-mail Wiretapping" Issue (February 12, 2001)
Recent news reports have discussed a privacy issue involving HTML Mail. However, customers using recent versions of Outlook are not affected, and other customers can easily prevent it.
Receive an Upgrade in the Mail? Beware! (January 17, 2001)
Malicious users often use "Trojan Horses" to deliver harmful software onto unwary users' computers.
New Windows 2000 Common Criteria Security Evaluation (January 11, 2001)
Microsoft plans to submit Windows 2000 for security evaluation under the new international Common Criteria that replace the former evaluation systems.
We Need Your Help to Improve Our Security Bulletins (December 21, 2000)
In an effort to make our security bulletins more timely and useful, we're considering several changes to them. We need your help to ensure that we're making the right changes.
Security Screen Savers Available (December 21, 2000)
Looking for a way to remind users of basic security practices? We've created a pair of screen savers that display The Ten Immutable Laws of Security and The Ten Immutable Laws of Security Administration.
The Ten Immutable Laws of Security (October 23, 2000)
All your efforts to secure your systems will come to naught if you've overlooked the ten iron laws of security. Learn what they are, why they apply to all software -- including Microsoft's -- and how to use them to your advantage.
Windows 2000 Security Course is Now Available (October 18, 2000)
Course 2150A, Designing a Secure Microsoft Windows 2000 Network, prepares support professionals, designers, planners, architects, and consultants to develop a network security plan for small, medium, and enterprise networks using Windows 2000 technologies.
Why Service Packs are Better than Patches (October 9, 2000)
One of the most widely-held misconceptions is that you should rely solely on security patches to keep your systems secure. Learn how to mix security patches and service packs to maximize security while also improving reliability and manageability.
Debut of the Microsoft Security Essays (September 22, 2000)
The size and scope of Microsoft's security response effort has been a well-kept secret -- until now. In the inaugural issue of a new article series, take a tour of the Microsoft Security Response Center and learn how the people on the front lines of security at Microsoft help ensure our customers' security.
Security Hotfix Checking Tool for IIS 5.0 (September 1, 2000)
Microsoft has developed a tool that enables IIS 5.0 server administrators to verify that they are up to date on all security patches, and to continuously monitor for newly-released ones.
Windows 2000 SP1 now available (August 28, 2000)
Microsoft has released Service Pack 1 for Windows 2000. Check this list of the security vulnerabilities that are addressed by SP1.
New "Life Stages" Virus Discovered (June 09, 2000)
A new e-mail attachment virus was discovered on June 18, 2000. If you are running Microsoft Outlook, Microsoft recommends that you install the Outlook E-mail Security Update.
Security Update Available for Outlook 98 and 2000 (June 7, 2000)
A new update is now available to improve the security of Outlook against viruses, worms, and other dangerous programs that spread through email.
New Variant of the Melissa Virus (May 27, 2000)
It attempts to delete files, and replicate to all available recipients in the infected user's address book.
Information on Kerberos Interoperability (March 27, 2000)
Get the facts regarding the interoperability of Microsoft's implementation of the Kerberos authentication protocol in Windows 2000.
Web TV Security Issue (March 22, 2000)
Microsoft recently learned of a potential security issue involving the WebTV Discuss feature.
What "Security Hole?"; Why Novell Is Confused About Windows 2000 (February 16, 2000)
Claims by Novell about a supposed "security flaw" in the Active Directory service in Windows 2000 was based on a serious misperception by Novell.
Web Security Issue - Cross-Site Scripting Vulnerability (February 02, 2000)
This vulnerability could potentially affect many web sites and web site users, and is not due to a defect in any product, but instead results from certain web coding practices.
Microsoft Unveils Security Commitment (January 21, 2000)
At the RSA Conference on January 18, 2000, Brian Valentine announced Microsoft's new Security Policy.
Analysis of Reported Vulnerability in the Windows 2000 Encrypting File System (EFS)
(July 30, 1999)
A recent report purported to identify security vulnerabilities in the Encrypting File System in Windows 2000. However, there is no vulnerability, and EFS is secure.
Windows NT 4.0 Completes Major Security Evaluation! (December 03, 1999)
On December 02, 1999, the US Government announced that Windows NT Server and Workstation had completed an "Orange Book" security evaluation at the C2 level.