We are a global team dedicated to ensuring your safety when using Microsoft products. Our goal is to protect you, our customers, by delivering security updates and authoritative security guidance. MSRC identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. We also manage the company-wide security update release process and serve as the single point of coordination and communication.
The MSRC monitors and manages over 100,000 vulnerability reports that customers send to firstname.lastname@example.org. MSRC is tapped into a worldwide network of security researchers and partners, and we closely monitor security news lists and public forums such as Bugtraq. Our commitment is to prevent worldwide incidents and create a safer, more trusted Internet.
When the MSRC receives information about a potential threat, we follow these steps:
| Evaluation | Investigation |
|---|---|
| Evaluate the possible impact of the threat to our customers. | Gather enough information to reproduce the vulnerability and determine which products might be affected. |
| Rate each vulnerability according to severity and the likelihood that it will be exploited. | The researchers compare findings, and MSRC decides whether to fix the root cause immediately with an update, or to resolve the issue in a future service pack or new product version. |
Releasing Security Updates, Bulletins, and Advisories
The MSRC delivers advanced resources and extensive guidance that allow you to manage your systems more effectively and predictably. When MSRC addresses a vulnerability with a security update, security experts write an accompanying security bulletin, which is released in over 20 languages. This supporting documentation includes a list of frequently asked questions, information about possible workarounds and mitigations, and any other essential information that IT staff might need to resolve the vulnerability. The bulletin and other communications help you assess risk and respond more effectively.
Microsoft releases security bulletins on the second Tuesday (U.S. Pacific Standard Time) of every month. This predictable bulletin release allows you to plan update deployment.
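Because the release day is fixed to the second Tuesday, the deployment calendar can be computed rather than looked up. The following is an added example, not code from the original page or from Microsoft: it derives the release date for any month, finds the next one relative to a given day, and lays out a hypothetical staged rollout around it. The ring offsets (test ring the next day, broad deployment a week later) are assumptions chosen for illustration, not a Microsoft recommendation.

```python
import datetime as dt

TUESDAY = 1  # datetime.weekday(): Monday == 0, Tuesday == 1


def patch_tuesday(year: int, month: int) -> dt.date:
    """Return the second Tuesday of the given month, the monthly security release day."""
    first = dt.date(year, month, 1)
    # Days from the 1st to the first Tuesday of the month (0 if the 1st is a Tuesday).
    to_first_tuesday = (TUESDAY - first.weekday()) % 7
    return first + dt.timedelta(days=to_first_tuesday + 7)


def next_patch_tuesday(today: dt.date) -> dt.date:
    """Return the next release day on or after `today`.

    If this month's second Tuesday has already passed, roll over to next month.
    """
    this_month = patch_tuesday(today.year, today.month)
    if today <= this_month:
        return this_month
    year, month = (today.year + 1, 1) if today.month == 12 else (today.year, today.month + 1)
    return patch_tuesday(year, month)


def deployment_schedule(today: dt.date) -> dict:
    """Build a staged rollout plan keyed off the next release day.

    Offsets are hypothetical: a pilot ring the day after release, broad rollout
    one week later. Adjust to the organization's own change-management policy.
    """
    release = next_patch_tuesday(today)
    return {
        "release": release,
        "pilot_ring": release + dt.timedelta(days=1),
        "broad_rollout": release + dt.timedelta(days=7),
    }


if __name__ == "__main__":
    # Constructed sample date; 2024-01-09 was the January 2024 release day.
    for label, day in deployment_schedule(dt.date(2024, 1, 3)).items():
        print(f"{label:>14}: {day.isoformat()} ({day.strftime('%A')})")
```

Release times are announced in U.S. Pacific time, so a schedule consumed in another time zone should treat the release date as starting later than local midnight on that Tuesday.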
Microsoft Security Advisories, which the MSRC introduced in 2005, are another way Microsoft communicates security information to customers. These advisories call attention to issues that might not be classified as vulnerabilities and might not require security bulletins, but that can still have an effect on customer security. For more information, see Security Update Release Cycle.
Responding to Security Incidents
MSRC leads the worldwide Software Security Incident Response Process (SSIRP). The SSIRP was designed to help us quickly gain a thorough understanding of security incidents—situations that arise when malicious users deliberately exploit vulnerabilities—and then effectively investigate, analyze, and resolve them. For more information, see Responding to Security Incidents.
Conducting Technical Investigations
MSRC Engineering is a team of security researchers that conducts detailed technical investigations of Microsoft software security issues. The team also provides engineering leadership for the Microsoft company-wide SSIRP.
The team provides information about mitigations, workarounds for vulnerabilities, and active attacks. It also helps to prevent future problems through security engineering and development changes. For more information, see Conducting Technical Investigations.