Microsoft giving three-day notice on patches

Article

Microsoft giving three-day notice on patches

From now on, IT security managers will wake up each Patch Tuesday with a general idea of what they're in for.

Starting this month, Microsoft is offering customers an early assessment of its monthly patch rollouts -- three business days ahead of time on its TechNet Security site.

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

The first such message appeared Thursday, telling customers to expect one security bulletin Tuesday for an "important" vulnerability in the Internet Security and Acceleration (ISA) Server. The software giant said the security update may require a restart and that "the information contained in this notification is subject to change due to the complexity of testing security updates. Therefore, the notification should not be viewed as definitive."

More on Recent 'Patch Tuesdays'

Microsoft issues 10 security bulletins, seven critical

Microsoft sets new Patch Tuesday record

Microsoft said customer feedback prompted it to "expand" its security bulletin program "to provide all customers with advance information about upcoming monthly security updates." The TechNet Security site will publish a general summary of planned patches three business days before each Patch Tuesday, which is the second Tuesday of each month.

"The advance notifications will include the number of bulletins that might be released, the anticipated severity ratings, and the products that might be affected," the company said in a statement. "The purpose of the advance notification is to assist customers with resource planning for the monthly security bulletin release. The information provided in the notification will be general and will not disclose vulnerability details or other information that could put customers at risk."

Staring in December, Microsoft said customers will be able to sign up for advance bulletin notifications by e-mail.

IT practitioners have long lamented that they never know what to expect with each monthly patch rollout. The software giant issued just one security update for August for a "moderate" Outlook Web Access flaw. But last month the company issued 10 security bulletins -- seven of them critical -- to patch a total of 22 vulnerabilities. It was a new record for the software maker's monthly patch program.