NEW ORLEANS, Oct. 9, 2003 — In a speech at Microsoft Corp.’s inaugural Worldwide Partner Conference, Chief Executive Officer Steve Ballmer outlined new initiatives in the company’s ongoing security efforts designed to address the increasing threats faced by computer users around the world. Ballmer announced new programs and technology investments to be delivered over the coming months, all of which reflect a companywide focus on increasing the security of millions of users and critical business systems worldwide. Specific actions will include these:
Improved patch management processes, policies and technologies to help customers stay up to date and secure
Global education programs to provide better guidance and tools for securing systems
Updates to Microsoft Windows XP and Windows Server 2003 with new safety technologies that will make Windows more resistant to attack even if patches do not yet exist or have not been installed
“Our goal is simple: Get our customers secure and keep them secure,” Ballmer said. “Our commitment is to protect our customers from the growing wave of criminal attacks.”
Ballmer provided the following details:
Improving the Patch Experience
Ballmer outlined significant improvements that will help reduce the complexity of patch management, including new processes for patch distribution. He announced that Microsoft will move to monthly patch releases, which will reduce the burden on IT administrators by adding a level of increased predictability and manageability. Ballmer also announced that Microsoft is extending security patch support for Windows NT Workstation 4 Service Pack 6a and Windows 2000 Service Pack 2 through June 2004.
Ballmer highlighted new tools, including Microsoft’s free Software Update Services 2.0, which will be released in the first half of 2004 and will provide a seamless patch, scanning and installation experience for Windows, SQL Server, Office, Exchange Server and Visio. Similarly, Microsoft has committed to consolidating the number of patch installers to two for Windows 2000-generation products by the first half of 2004, introducing rollback capability for all new patches, and reducing downtime by requiring 30 percent fewer reboots during deployment in the same time frame.
Global Education Programs
Microsoft is responding to the need for more advanced security guidance with broad availability of new security seminars and in-depth training courses worldwide for its customers. Examples of these education activities include the following:
TechNet Security Seminars beginning later this fall at no charge to customers
Monthly security webcasts beginning in November
New prescriptive guidance in the form of patterns and practices, deeper information on how to configure for security, and sharing details on how Microsoft secures its own networking infrastructure
A dedicated developer security symposium focused on secure coding practices, to be held at Microsoft’s Professional Developers Conference later this month
Updates to Windows XP and Windows Server 2003
Ballmer highlighted the need for security innovation, pointing out that patches and guidance are only part of the solution, and that as exploits become more sophisticated the technology must evolve to become more resilient. Ballmer announced Microsoft’s new safety technologies designed to enable customers to more effectively protect their computers and systems from malicious attacks even if patches do not yet exist or have not yet been installed. These safety technologies will first ship in Service Pack 2 for Windows XP, planned for the first half of 2004, and subsequently in the Service Pack 1 for Windows Server 2003.
“Our goal is to enable increased protection and resiliency of systems and networks,” Ballmer said. “Our highest priority is developing these safety technologies for our customers. This is a key area of focus for us.”
These security advancements for Windows XP will focus on protections against the four types of attacks that constitute the largest percentage of threats: port-based attacks, e-mail attacks, malicious Web content and buffer overruns.
For Windows Server 2003, the safety technologies will enable remote-access-connection client inspection and intranet client inspection to help protect corporate networks from potential infections introduced by mobile systems. These technologies are expected to be available in the second half of 2004.
Customers interested in learning more should visit http://www.microsoft.com/security/ .
Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and Internet technologies for personal and business computing. The company offers a wide range of products and services designed to empower people through great software – any time, any place and on any device.
Microsoft, Windows, Windows Server, Windows NT and Visio are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass/ on Microsoft’s corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/presspass/contactpr.asp .