From now on, IT security managers will wake up each Patch Tuesday with a general idea of what they're in for.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Starting this month, Microsoft is offering customers an early assessment of its monthly patch rollouts -- three business days ahead of time on its TechNet Security site.
The first such message appeared Thursday, telling customers to expect one security bulletin Tuesday for an "important" vulnerability in the Internet Security and Acceleration (ISA) Server. The software giant said the security update may require a restart and that "the information contained in this notification is subject to change due to the complexity of testing security updates. Therefore, the notification should not be viewed as definitive."
Microsoft said customer feedback prompted it to "expand" its security bulletin program "to provide all customers with advance information about upcoming monthly security updates." The TechNet Security site will publish a general summary of planned patches three business days before each Patch Tuesday, which is the second Tuesday of each month.
"The advance notifications will include the number of bulletins that might be released, the anticipated severity ratings, and the products that might be affected," the company said in a statement. "The purpose of the advance notification is to assist customers with resource planning for the monthly security bulletin release. The information provided in the notification will be general and will not disclose vulnerability details or other information that could put customers at risk."
Staring in December, Microsoft said customers will be able to sign up for advance bulletin notifications by e-mail.
IT practitioners have long lamented that they never know what to expect with each monthly patch rollout. The software giant issued just one security update for August for a "moderate" Outlook Web Access flaw. But last month the company issued 10 security bulletins -- seven of them critical -- to patch a total of 22 vulnerabilities. It was a new record for the software maker's monthly patch program.