Hi hawg,

subscribing to MS security alerts is a starting point I also use. Further I keep my eyes open while joining forums like this one. There are also mailinglist from websites like http://www.securityfocus.com or alike. This has proven to work fine, but I doubt you can write this down in some kind of company security guidelines

Cheers,

Frank