Security Headlines Archive

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
On This Page



Information About Security Vulnerability in Windows XP Help and SupportCenter (September 12, 2002)
Up to the minute information on security issues regarding the Windows XP Help and Support Center. more_new

Microsoft has released Service Pack 1 for Windows XP (September 9, 2002)
Download Service Pack 1 (SP1) for important updates to the Windows XP Operating System, including fixes to operating system reliability, application compatibility, setup, and security issues. more_new

Information about Reported Architectural Flaw in Windows (September, 2002)
Information about our findings and planned future steps. more_new

Windows 2000 Service Pack 3 (August 2002)
Windows 2000 SP3 includes the updates contained in Windows 2000 Service Pack 1 (SP1), Windows 2000 Service Pack 2 (SP2) and Windows 2000 Security Rollup Package. more_new

28 March 2002 Cumulative Patch for Internet Explorer (March 28, 2002)
A security patch is now available that addresses two newly discovered security vulnerabilities affecting Internet Explorer. This patch also incorporates all previous IE patches. more_new

Behind the Scenes with the Secure Windows Initiative (March 26, 2002)
Get a behind the scenes look at Microsoft's Secure Windows Initiative and see how Microsoft is working every day to make software more secure. more_new

.NET Framework Service Pack 1 now available! (March 20, 2002)
Service Pack 1 includes security and non-security fixes for .NET Framework, and introduces a new default setting that improves security when browsing the web. more_new

FrontPage 2000 Server Extensions Service Release Now Available! (March 7, 2002)
FPSE 2000 Service Release 1.3 includes all previously released security fixes for FrontPage 2000 Server Extensions and forms the secure baseline for future FPSE 2000 security patches. more_new

Window NT Server 4.0, Terminal Server Edition Security Rollup Package 1 (February 2002)
TSE SRP1 is a small, comprehensive rollup of post-SP6 fixes, and provides an easier mechanism for managing the rollout of security fixes. more_new

Inaccurate Claims Regarding Visual C++ .NET Security Feature (February 15, 2002)
A recent report incorrectly claims that a security feature in Visual C++ .NET is flawed. In reality, there is no flaw and the feature works correctly. more_new

Important Information about the "MSN Messenger Worm" (February 14, 2002)
Find out what you can do to protect yourself against the MSN Messenger worm. more_new

RSA Data Security Conference Coming Soon (January 22, 2002)
The RSA Data Security Conference is the premier security event of the year. Don't miss it! more_new

Information about the MyParty Virus (January 29, 2002)
W32.Myparty@mm is a mass-mailing e-mail worm virus / Trojan horse. more_new

Information on the So-Called ".NET Virus" (January 11, 2002)
Find out the real story on the so-called ".NET Virus" from Microsoft's .NET Framework team and Product Support Services. more_new


Office XP Service Pack 1 now available! (December 27, 2001)
Service Pack 1 includes all previously released security fixes for Office XP, and introduces a new feature that improves email security. more_new

Improvements to the Microsoft Product Security Notification Service. (December 21, 2001)
If you're a subscriber to the Security Notification Service, you may have noticed some minor formatting changes in recent mailers. These are the result of a recent upgrade in the Service that should allow us to provide more reliable, timely service.


Patch for Windows XP, ME, 98, 98SE Plug and Play Service (December 20, 2001)
Microsoft strongly urges all Windows XP customers to apply the patch immediately. Customers using Windows 98, 98SE or ME should apply the patch if the Universal Plug and Play service is installed and running. more_new

Microsoft Unveils Security Vulnerability Rating System (November 30, 2001)
To help customers assess the priority that should be given to various security patches, Microsoft has begun including a section in all security bulletins that rates the severity of the issue. Learn more about the rating system and how to use it most effectively. more_new

BadTrans Worm Information (Nobember 29, 2001)
Learn details about the BadTrans Worm virus. more_new

Security Tools Available Online (November 12, 2001)
If you don't want to wait for the Security ToolKit, Tools to secure your workstations and servers are available online! more_new

VBS/Loveletter Virus (November 02, 2001)
The VBS/Loveletter virus has affected many customers. However, standard best practices will protect against this and other viruses.

Important new information about the "Nimda" Worm (September 21, 2001)
If you've installed IE 6 on a Windows 95, 98 or ME system, be sure that you're protected against the Nimda worm. more_new

Information on "Nimda" Worm (September 18, 2001)
A new worm is affecting many customers. However, systems that are up to date on security patches are at little risk from it. more_new

Information on Code Blue Worm (September 13, 2001)
A newly reported worm can be blocked by applying a patch released almost a year ago. more_new

IIS Lockdown Tool Now Available! (September 13, 2001)
A new tool lets you instantly secure your IIS 4.0 or 5.0 web server. more_new

URLScan Security Tool now available! (August 23, 2001)
A new tool lets web server administrators defend their servers by ensuring that they only respond to legitimate requests. more_new

Improved Outlook E-mail Security Update available! (August 20, 2001)
A new version of the Outlook E-mail Security Update is available that provides protection against additional types of e-mail-based attacks. more_new

Important New Security Tool for Network Administrators! (August 15, 2001)
HFNetChk lets administrators scan their servers -- including remote ones -- to ensure that that they are up to date on all security patches for Windows NT 4.0, Windows 2000, IIS 4.0, IIS 5.0, IE and SQL Server. more_new

Microsoft Personal Security Advisor now available! (August 15, 2001)
A new tool is available that lets you ensure that your workstation is up to date on all security patches and configured for secure operation. more_new

Microsoft Declares War on Hostile Code! (August 15, 2001)
If you were at the just-completed RSA Conference, you know the biggest news was Microsoft's declaration of war on hostile code. If you weren't there, find out what you missed. more_new

Windows NT 4.0 Service Pack 6a (August 14, 2001)
Provides the latest updates to Microsoft Windows NT Workstation 4.0 and Windows NT Server 4.0 (including Enterprise Edition). more_new

Important Information Regarding IIS 4.0 and the Code Red worm (August 13, 2001)
A newly discovered vulnerability could cause IIS 4.0 servers to fail when under attack by the Code Red worm. Learn how to protect your systems. more_new

Tool available for Code Red II Worm (August 13, 2001)
Microsoft has developed a tool that eliminates the obvious effects of the Code Red II worm. more_new

Microsoft Root Certificate Program (August 8, 2001)
Learn about the details and requirements for the Microsoft Root Certificate program, and protect yourself from security issues related to the use of public key infrastructure (PKI) certificates. more_new

New Variant of the Code Red worm (August 8, 2001)
A new version of the Code Red worm has been found on the Internet. Although its effects are more serious than those of the original variant, systems that have been patched aren't vulnerable to either variant. more_new

Protect yourself from the Code Red worm (July 30, 2001)
The Code Red worm and mutations of the worm pose a continued and serious threat to Internet users. If you are running an IIS web server, read how to protect yourself and the Internet. more_new

Information on Bogus Microsoft Security Bulletin (July 12, 2001)
Microsoft has learned that a malicious user is circulating an e-mail that purports to be a Microsoft Security Bulletin but directs users to a piece of hostile code. more_new

New Security Tool Available (July 10, 2001)
A new tool provides a way to make deleted data on your Windows 2000 system's hard drive unrecoverable, even by someone with physical access to your system. more_new

Hostile Code, not the Windows XP Sockets Implementation, is the Real Security Threat (June 26, 2001)
A security researcher's claims regarding the security of Windows XP completely miss the point. Microsoft is focused on the real security threat, and is taking steps to combat it. more_new

Inaccurate Story About IIS Security (June 2, 2001)
A year-old set of allegations about IIS security has been resurrected. Not only are the allegations old, they were never accurate to begin with. more_new

Microsoft Security Partner Program (May 3, 2001)
Microsoft has established a community of companies providing IT security consulting services. The program has 40 partners in 16 countries and has been designed to provide Microsoft's customers with a directory of resources to better deal with security concerns. more_new

Information About Virus-Infected Hotfixes (April 27, 2001)
Microsoft recently discovered that several hotfixes released within the past two weeks contained a virus. None of these patches were available to the general public, and no security patches were infected. more_new

Inaccurate Crypto-Gram Article on VeriSign Certificates (April 15, 2001)
The most recent edition of the Crypto-Gram newsletter makes a number of inaccurate statements regarding the fradulent certificates issued by VeriSign, and Microsoft's handling of the situation. more_new

Facts Regarding the 29 March 2001 IE Security Patch (April 05, 2001)
A recent series of articles published in Wired Online claims to have discovered a series of flaws in the patch Microsoft delivered on March 29, 2001. However, these reports are inaccurate. more_new

Where to Find Microsoft Security Patches (March 6, 2001)
Do you need localized security patches? Or patches that can be installed automatically? Or ones that are customized for easy deployment in a large network? If you know about the various types of patches Microsoft produces and where to find them, you'll be able to keep your systems up to date more effectively. more_new

Receive a Security Patch in the mail? Don't Install it! (February 12, 2001)
Several e-mails are being circulated, purporting to be Microsoft Security Bulletins and containing attachments that are claimed to be security patches. Microsoft never sends software via e-mail. If you have received such an e-mail, don't run the attachment. more_new

Information on "E-mail Wiretapping" Issue (February 12, 2001)
Recent news reports have discussed a privacy issue involving HTML Mail. However, customers using recent versions of Outlook are not affected, and other customers can easily prevent it. more_new

Receive an Upgrade in the Mail? Beware! (January 17, 2001)
Malicious users often use "Trojan Horses" to deliver harmful software onto unwary users' computers. more_new

New Windows 2000 Common Criteria Security Evaluation (January 11, 2001)
Microsoft plans to submit Windows 2000 for security evaluation under the new international Common Criteria that replace the former evaluation systems. more_new


We Need Your Help to Improve Our Security Bulletins (December 21, 2000)

In an effort to make our security bulletins more timely and useful, we're considering several changes to them. We need your help to ensure that we're making the right changes.


Security Screen Savers Available (December 21, 2000)
Looking for a way to remind users of basic security practices? We've created a pair of screen savers that display The Ten Immutable Laws of Security and The Ten Immutable Laws of Security Administration. more_new

The Ten Immutable Laws of Security (October 23, 2000)
All your efforts to secure your systems will come to naught if you've overlooked the ten iron laws of security. Learn what they are, why they apply to all software -- including Microsoft's -- and how to use them to your advantage. more_new

Windows 2000 Security Course is Now Available (October 18, 2000)
Course 2150A, Designing a Secure Microsoft Windows 2000 Network, prepares support professionals, designers, planners, architects, and consultants to develop a network security plan for small, medium, and enterprise networks using Windows 2000 technologies. more_new

Why Service Packs are Better than Patches (October 9, 2000)
One of the most widely-held misconceptions is that you should rely solely on security patches to keep your systems secure. Learn how to mix security patches and service packs to maximize security while also improving reliability and manageability. more_new

Debut of the Microsoft Security Essays (September 22, 2000)
The size and scope of Microsoft's security response effort has been a well-kept secret -- until now. In the inaugural issue of a new article series, take a tour of the Microsoft Security Response Center and learn how the people on the front lines of security at Microsoft help ensure our customers' security. more_new

Security Hotfix Checking Tool for IIS 5.0 (September 1, 2000)
Microsoft has developed a tool that enables IIS 5.0 server administrators to verify that they are up to date on all security patches, and to continuously monitor for newly-released ones. more_new

Windows 2000 SP1 now available (August 28, 2000)
Microsoft has released Service Pack 1 for Windows 2000. Check this list of the security vulnerabilities that are addressed by SP1. more_new

New "Life Stages" Virus Discovered (June 09, 2000)
A new e-mail attachment virus was discovered on June 18, 2000. If you are running Microsoft Outlook, Microsoft recommends that you install the Outlook E-mail Security Update. more_new

Security Update Available for Outlook 98 and 2000 (June 7, 2000)
A new update is now available to improve the security of Outlook against viruses, worms, and other dangerous programs that spread through email. more_new

New Variant of the Melissa Virus (May 27, 2000)
It attempts to delete files, and replicate to all available recipients in the infected user's address book.

Information on Kerberos Interoperability (March 27, 2000)
Get the facts regarding the interoperability of Microsoft's implementation of the Kerberos authentication protocol in Windows 2000. more_new

Web TV Security Issue (March 22, 2000)
Microsoft recently learned of a potential security issue involving the WebTV Discuss feature. more_new

What "Security Hole?"; Why Novell Is Confused About Windows 2000 (February 16, 2000)
Claims by Novell about a supposed "security flaw" in the Active Directory service in Windows 2000 was based on a serious misperception by Novell. more_new

Web Security Issue - Cross-Site Scripting Vulnerability (February 02, 2000)
This vulnerability could potentially affect many web sites and web site users, and is not due to a defect in any product, but instead results from certain web coding practices. more_new

Microsoft Unveils Security Commitment (January 21, 2000)
At the RSA Conference on January 18, 2000, Brian Valentine announced Microsoft's new Security Policy. more_new


Analysis of Reported Vulnerability in the Windows 2000 Encrypting File System (EFS)
(July 30, 1999)
A recent report purported to identify security vulnerabilities in the Encrypting File System in Windows 2000. However, there is no vulnerability, and EFS is secure. more_new

Windows NT 4.0 Completes Major Security Evaluation! (December 03, 1999)
On December 02, 1999, the US Government announced that Windows NT Server and Workstation had completed an "Orange Book" security evaluation at the C2 level. more_new