Microsoft Security Tool Kit: Guides, Updates, and Tools
The aim of the Microsoft Security Tool Kit is to help customers protect their systems from common and dangerous threats that they are likely to encounter on the Internet. The Security Tool Kit includes tools that provide a baseline level of security for servers that are connected to the Internet. It also includes security patches for vulnerabilities that the Microsoft Security Response Center has determined to be of potentially high severity for systems that are connected to the Internet.
Customers who are concerned about the threat from users internal to their organization—users who may be "inside" the organization's firewall? need to take additional steps in configuring their systems and might need to install additional security patches. Such organizations' choices will be guided by their own security policies.
You can order The Security Tool Kit CD at no charge for US customers. It includes automation scripts to quickly install all the security hotfixes recommended in the kit. It also includes all the content available in this online version of the kit.
The guides that follow are the first steps you can take toward securing your systems, whether they are already in operation or if you are building new systems.
Guides
This section includes guides, checklists, and other important documentation.
Updates
This section includes released service packs, other released software, security rollup packages, and other critical updates.
Tools
This section includes security management and deployment tools.
On This Page
Guides
Deployment and Management Tools
Online Resources
Guides
Guides to Baseline Security
Windows 2000 - New installation
Windows 2000 - Existing installation
Windows NT 4.0 - New installation
Windows NT 4.0 - Existing installation
Windows NT 4.0 Terminal Server Edition - New installation
Windows NT 4.0 Terminal Server Edition - Existing installation
These guides are the first steps you can take toward securing your systems, whether they are already in operation or if you are building new systems.
Internet Information Server 4.0
Internet Information Services 5.0
Internet Explorer 5.01 Service Pack 2 or greater
These checklists outline some of the steps you should take to configure your platforms with a baseline level of security.
Fast Path Guides
Make Your Windows Servers Secure
Fast Path to Systems Architectures and Network Designs
Fast Path to Security and Locking Down Systems
Windows 2000 Service Pack Installation and Deployment Guide
This document outlines procedures and options for installing Windows 2000 service packs in a corporate environment.
Windows 2000 Hotfix Installation and Deployment Guide
This document outlines procedures and recommendations for installing Windows hotfixes on multiple computers in a small business or corporate environment.
Windows NT Hotfix Installation and Deployment Guide
This document outlines procedures and recommendations for installing Windows hotfixes on multiple computers in a small business or corporate environment.
Internet Explorer Deployment Guides
Using Systems Management Server (SMS) 2.0 to Deploy Security Tool Kit Fixes
To automate the distribution and installation of the recommended security fixes to Windows 2000 Professional; Windows 2000 Server; Windows 2000 Advanced Server; Windows NT Workstation 4.0; Windows NT Server 4.0; and Windows NT Server 4.0, Enterprise Edition, Microsoft has supplied a set of queries and package definition files in the SMS directory of the Security Tool Kit compact disc. SMS will help you determine which computers need the security fixes, and then deploy the fixes to the appropriate resources. The objects that the SMS team has built can be imported into an existing SMS 2.0 hierarchy to help facilitate the deployment of these security fixes and ensure that your environment complies with the baseline level recommended by Microsoft.
Deployment and Management Tools
Microsoft Baseline Security Advisor
The Microsoft Baseline Security Analyzer (MBSA) analyzes Windows systems for common security misconfigurations. Version 1.1 of MBSA includes a graphical and command line interface that can perform local or remote scans of Windows systems. MBSA runs on Windows 2000 and Windows XP systems and will scan for missing hotfixes and vulnerabilities in the following products: Windows NT 4.0, Windows 2000, Windows XP, Internet Information Server (IIS) 4.0 and 5.0, SQL Server 7.0 and 2000, Internet Explorer (IE) 5.01 and later, and Office 2000 and XP. MBSA includes the HFNetChk Command Line Hot Fix Check Tool.
Internet Information Services Lockdown Wizard
This tool lets you configure an IIS 4.0 or IIS 5.0 Web server for secure operation. It allows the administrator to choose a template to select the technologies that the server will support. The tool provides an undo feature that allows the effects of the most recent lockdown to be reversed. This tool includes the URLScan Security Tool, which is an ISAPI filter that screens and analyzes HTTP requests as IIS receives them. URLScan can, and should be, manually configured after installation for optimal security.
Automatic Update and Critical Update Notifications
Automatic Updates for Windows XP
Automatic Updates for Windows 2000
QChain.exe
You can use QChain.exe to safely chain hotfixes together. Hotfix chaining involves installing multiple hotfixes without rebooting between each installation. Without this tool, the only supported method is to reboot after each hotfix installation.
Online Resources
Microsoft Windows Update Sites
The Microsoft Windows Update site provides an easy mechanism for obtaining current updates for the operating system, including critical security updates. The first link above will identify the current critical updates for the current system. The second link provides an easy way to download those same updates for deployment on multiple systems.
Microsoft TechNet Security Web Site
This site provides security information and tools for anyone who deploys, maintains, or supports Microsoft products.
Sign up to receive security bulletins
This is a free email notification service that Microsoft uses to send information to subscribers about the security of Microsoft products. Anyone can subscribe to the service, and you can unsubscribe at any time.
Security bulletin search site
This site lists, in a searchable format, all released security bulletins affecting Microsoft products.
Other Security Tools and Checklists
© 2003 Microsoft Corporation. All rights reserved.