Have you seen Microsoft's new Security Bulletin Search site, which went live late last week? The new site is XML-based and lets you perform specific searches for relevant security problems by refining your search based on product and service pack. For example, you can select Windows NT 4.0 Server and Service Pack 6a (SP6a) and quickly get a list of all related security fixes that you can install on NT 4.0 Server systems running SP6a.
According to Eric Schultze, security program manager at Microsoft, the new functionality was the most frequently requested improvement, and Microsoft is happy to finally be able to provide it. I spoke with Schultze last week, and he told me that Microsoft worked with Shavlik Technologies to produce the new site; Shavlik built the XML code as well as an editor for Microsoft to input all the relevant data. You can look at the new site, its associated XML file, and a FAQ at the following Web sites.
Schultze also said that Shavlik developed a method to package the XML into a compressed cabinet format (CAB) file. Microsoft is updating its HFCheck tool (which scans IIS 5.0 systems to ensure they have the latest hotfixes installed), and the new release will be able to download that CAB file and expand it for use when scanning systems. Each time Microsoft updates the XML file with new information, the CAB file is updated automatically. According to Schultze, the new version of HFCheck won't be ready for several more weeks. You can download the current version of HFCheck here.
HFCheck is a slick tool, but what about scanning other Microsoft products to ensure they have the latest hotfixes? Schultze said that he requested that Microsoft's development group create a command-line tool that can scan Windows 2000 and NT 4.0, as well as major applications, for missing security hotfixes. I have no idea when such a tool will be available, but I'll let you know as soon as I hear anything.
Microsoft's implementation of XML for hotfixes is a great step forward. Third-party vendors can now download the XML and use it in their own scanning products. Shavlik has a tool available now called QuickInspector that uses an XML database to scan for security problems in Microsoft Office, Outlook, Win2K, NT, Whistler, Windows Me, and Windows 9x systems. Check it out here. You'll hear more interesting news about this particular tool sometime in the near future! Stay tuned.
To learn more about security-related improvements underway at Microsoft, be sure to read the company's article, "Getting to the Third Wave of Security Responsiveness," by Scott Culp. You can find it here.
Before I sign off this week, I want to let you know about another new Win2K security resource. Phil Cox, author of "Windows 2000 Security Handbook" (ISBN 0072124334), has condensed Chapter 21 from his book into a document called "Hardening Windows 2000." The document is freely available in Adobe PDF.
I looked at the document and found it to be 20 pages of very useful information. Be sure to download a copy and check it out. It's definitely great stuff. Until next time, have a great week!