Security Updates
A security update is an update that the Microsoft Security Response Center (MSRC) releases to resolve a security vulnerability. Microsoft security updates are available for customers to download and are accompanied by two documents: a security bulletin and a Microsoft Knowledge Base article.
More Info For more information about the MSRC, visit http://www.microsoft.com/security/msrc/default.mspx.
A Microsoft security bulletin notifies administrators of critical security issues and vulnerabilities and is associated with a security update that can be used to fix the vulnerability. Security bulletins generally provide detailed information about whom the bulletin concerns, the impact and severity of the vulnerability, and a recommended course of action for affected customers.
Security bulletins usually include the following pieces of information:
- Title The title of the security bulletin, in the format MSyy-###, where yy is the last two digits of the year and ### is the sequential bulletin number for that year.
- Summary Information about who should read the bulletin, the impact of the vulnerability and the software affected, the maximum severity rating, and the MSRC's recommendation on how to respond to the bulletin. The severity rating of a bulletin gauges the maximum risk posed by the vulnerability that the update fixes. This severity level can be Low, Moderate, Important, or Critical. The MSRC judges the severity of a vulnerability on behalf of the entire Microsoft customer base. The impact a vulnerability has on your organization might be more or less serious than this severity rating.
- Executive summary An overview of the individual vulnerabilities discussed in the security bulletin and their severity ratings. One security bulletin might address multiple, related vulnerabilities that are fixed with a single update.
- Frequently asked questions Discusses updates that are replaced, whether you can audit the presence of the update using MBSA or Configuration Manager 2007 R2, lifecycle information, and other relevant information.
- Vulnerability details The technical details of the vulnerabilities, a list of mitigating factors that might protect you from the vulnerability, and alternative workarounds that you can use to limit the risk if you cannot install the update immediately. One of the most important pieces of information in this section is whether there are known, active exploits that attackers can use to compromise computers that haven't been updated. If you are unable to install the update immediately, you should read this section carefully to understand the risk of managing a computer that hasn't been updated.
- Security update information Instructions on how to install the update and what files and configuration settings will be updated. Refer to this section if you need to deploy updated files manually or if you are configuring custom auditing to verify that the update has been applied to a computer.
More Info If you are not familiar with the format of security bulletins, take some time to read current bulletins. You can browse and search bulletins at http://www.microsoft.com/technet/security/current.aspx.
In addition to security bulletins, Microsoft also creates Knowledge Base articles about security vulnerabilities. Knowledge Base articles generally include more detailed information about the vulnerability and step-by-step instructions for updating affected computers.
From time to time, Microsoft releases security advisories. Security advisories are not associated with a security update. Instead, advisories communicate security guidance that might not be classified as a vulnerability to customers.
In this tutorial:
- Managing Software Updates
- Methods for Deploying Updates
- Windows Update Client
- Windows Server Update Services
- System Center Configuration Manager 2007 R2
- Manually Installing, Scripting, and Removing Updates
- Overview of Windows 7 Update Files
- How to Script Update Installations
- How to Remove Updates
- Deploying Updates to New Computers
- Other Reasons to Use a Private Network for New Computers
- Managing BITS
- BITS Behavior
- BITS Group Policy Settings
- Configuring the Maximum Bandwidth Served For Peer Client Requests Policy
- Managing BITS with Windows PowerShell
- Windows Update Group Policy Settings
- Configuring Windows Update to Use a Proxy Server
- Tools for Auditing Software Updates
- The MBSA Console
- MBSACLI
- Scheduling MBSA
- Troubleshooting the Windows Update Client
- The Process of Updating Network Software
- Assembling the Update Team
- Inventorying Software
- Creating an Update Process
- Discovering Updates
- Evaluating Updates
- Speeding the Update Process
- Retrieving Updates
- Testing Updates
- Installing Updates
- Removing Updates
- Auditing Updates
- How Microsoft Distributes Updates
- Security Updates
- Update Rollups
- Service Packs
- Microsoft Product Life Cycles