How the Microsoft Security Response Center Responds to Security Incidents
The Microsoft Security Response Center (MSRC) uses Microsoft's worldwide Software Security Incident Response Process (SSIRP) to quickly understand security incidents (situations that arise when malicious users exploit vulnerabilities), and then to investigate, analyze, and resolve those incidents.
When a security incident threatens customers—whether it is an attack on the entire Internet or is more restricted in scope—the MSRC quickly mobilizes teams across Microsoft and around the world, including affected product teams, Customer Support and Services, Microsoft IT, and external partners.
The MSRC provides customers with:
- Information
- Guidance
- Mitigation
- Tools
Software Security Incident Response Process (SSIRP)
The SSIRP comprises these phases:
- Watch: MSRC and its partners are always on the alert for threats.
- Alert and Mobilize Resources: When a threat is identified, first responders are paged and mobilized into two teams of engineers and communications professionals.
- Assess and Stabilize: The engineering team investigates and develops the solution, while the communications team reaches out to provide guidance to customers and partners.
- Resolve: MSRC provides tools and solutions, and the Watch phase resumes.
Read a case study on the SSIRP for the 2004 Sasser security incident.
The MSRC and its partners have regular drills to ensure the process runs efficiently.
SSIRP participants include Microsoft product groups—such as the Windows, Internet Explorer, SQL Server, and Microsoft Office teams—in addition to external partners and organizations like GIAIS (a consortium of Internet Service Providers), VIA (Virus Information Alliance), and MVI (Macro Virus Initiative), a forum designed to share information and improve responses to virus outbreaks.
Working With Security Researchers
MSRC works closely with independent security researchers, providing regular updates to these individuals about the vulnerabilities they have reported.
Microsoft seeks to build a community of security researchers. In the bulletins that accompany vulnerability updates, the MSRC publicly recognizes security researchers for their vigilance and responsibility.
Other groups within Microsoft also work to build and maintain close relationships with security researchers outside of the emergency response process.
Microsoft recognizes that detailed public disclosure of vulnerabilities by security researchers before updates are available can lead to malicious activity and expose customers to security threats. MSRC encourages security researchers to responsibly report findings to diminish the impact on customers. For more information on how Microsoft works with security researchers, please visit our Security Ecosystem Collaboration page.