Microsoft Security Tool Kit: Guides, Updates, and Tools

The aim of the Microsoft Security Tool Kit is to help customers protect their systems from common and dangerous threats that they are likely to encounter on the Internet. The Security Tool Kit includes tools that provide a baseline level of security for servers that are connected to the Internet. It also includes security patches for vulnerabilities that the Microsoft Security Response Center has determined to be of potentially high severity for systems that are connected to the Internet.

Customers who are concerned about the threat from users internal to their organization—users who may be "inside" the organization's firewall? need to take additional steps in configuring their systems and might need to install additional security patches. Such organizations' choices will be guided by their own security policies.

You can order The Security Tool Kit CD at no charge for US customers. It includes automation scripts to quickly install all the security hotfixes recommended in the kit. It also includes all the content available in this online version of the kit.

The guides that follow are the first steps you can take toward securing your systems, whether they are already in operation or if you are building new systems.


This section includes guides, checklists, and other important documentation.


This section includes released service packs, other released software, security rollup packages, and other critical updates.


This section includes security management and deployment tools.

On This Page

Deployment and Management Tools
Online Resources


Deployment and Management Tools

  • Microsoft Baseline Security Advisor

    The Microsoft Baseline Security Analyzer (MBSA) analyzes Windows systems for common security misconfigurations. Version 1.1 of MBSA includes a graphical and command line interface that can perform local or remote scans of Windows systems. MBSA runs on Windows 2000 and Windows XP systems and will scan for missing hotfixes and vulnerabilities in the following products: Windows NT 4.0, Windows 2000, Windows XP, Internet Information Server (IIS) 4.0 and 5.0, SQL Server 7.0 and 2000, Internet Explorer (IE) 5.01 and later, and Office 2000 and XP. MBSA includes the HFNetChk Command Line Hot Fix Check Tool.

  • Internet Information Services Lockdown Wizard

    This tool lets you configure an IIS 4.0 or IIS 5.0 Web server for secure operation. It allows the administrator to choose a template to select the technologies that the server will support. The tool provides an undo feature that allows the effects of the most recent lockdown to be reversed. This tool includes the URLScan Security Tool, which is an ISAPI filter that screens and analyzes HTTP requests as IIS receives them. URLScan can, and should be, manually configured after installation for optimal security.

  • Automatic Update and Critical Update Notifications

    Automatic Updates for Windows XP

    Automatic Updates for Windows 2000

    Automatic Updates for Windows ME

    Critical Update Notifications for Windows 98

  • QChain.exe


    You can use QChain.exe to safely chain hotfixes together. Hotfix chaining involves installing multiple hotfixes without rebooting between each installation. Without this tool, the only supported method is to reboot after each hotfix installation.

Online Resources

  • Microsoft Windows Update Sites

    Corporate Windows Update site

    The Microsoft Windows Update site provides an easy mechanism for obtaining current updates for the operating system, including critical security updates. The first link above will identify the current critical updates for the current system. The second link provides an easy way to download those same updates for deployment on multiple systems.

  • Microsoft TechNet Security Web Site

    View Site

    This site provides security information and tools for anyone who deploys, maintains, or supports Microsoft products.

  • Sign up to receive security bulletins

    View Site

    This is a free email notification service that Microsoft uses to send information to subscribers about the security of Microsoft products. Anyone can subscribe to the service, and you can unsubscribe at any time.

  • Security bulletin search site

    View Site

    This site lists, in a searchable format, all released security bulletins affecting Microsoft products.

  • Other Security Tools and Checklists

    Security Tools

    Security Checklists

© 2003 Microsoft Corporation. All rights reserved.