Microsoft Security Guidance - How do I stay informed?

Given the recent activity on the security front, I thought it would be worthwhile to highlight how to keep up to date with MS security advisories and bulletins.

From my perspective... there is no better place than TechNet. The links below will give you a great place to start.

As well, I've captured some of the key information below for your quick reference, and if you want to get insight into the Microsoft security response process, you can check out this webcast.

TechNet Webcast: Inside the MSRC
Get in-depth information about the Microsoft security response process


How do I keep current with Microsoft security bulletins?

Basic Alerts - Microsoft's free monthly Security Notification Service provides links to security-related software updates and notification of re-released Microsoft Security Bulletins. The goal of this service is to provide accurate information you can use to protect your computers and systems from malicious attacks. These bulletins are written for IT professionals and contain in-depth technical information, and the emails are digitally signed with PGP.

Comprehensive Alerts - The free Comprehensive Alerts serve as an incremental supplement to the Basic Alerts. They provide advance notification of upcoming security bulletins and Security Advisories, and timely notification of any minor changes to previously released Microsoft Security Bulletins or Advisories. These notifications are written for IT professionals and contain in-depth technical information, and the emails are digitally signed with PGP.


What are Microsoft Security Advisories?

Microsoft Security Advisories are a supplement to the Microsoft Security Bulletins and address security changes that may not require a security bulletin but that may still affect customers' overall security. The point of the Microsoft Security Advisories is to provide a way for us to communicate security information to you about issues that may not be classified as vulnerabilities and may not require a security bulletin. Each advisory will be accompanied by a unique Microsoft Knowledge Base Article number for reference to provide additional information about the changes.

Some examples of topics that future security advisories may discuss include the following:

  • "Defense in Depth" security enhancements or changes that are unrelated to security vulnerabilities
  • Guidance and mitigations that may be applicable for publicly disclosed vulnerabilities

Security Advisories Alerts
Microsoft Security Advisories are a way for Microsoft to communicate security information to customers about issues that may not be classified as vulnerabilities and may not require a security bulletin. Each advisory will be accompanied by a unique Microsoft Knowledge Base Article number for reference to provide additional information about the changes.

Hope this helps,

Thanks

John