Article

Microsoft giving three-day notice on patches

Bill Brenner

From now on, IT security managers will wake up each Patch Tuesday with a general idea of what they're in for.

Starting this month, Microsoft is offering customers an early assessment of its monthly patch rollouts -- three business days ahead of time on its TechNet Security site.

    Requires Free Membership to View

The first such message appeared Thursday, telling customers to expect one security bulletin Tuesday for an "important" vulnerability in the Internet Security and Acceleration (ISA) Server. The software giant said the security update may require a restart and that "the information contained in this notification is subject to change due to the complexity of testing security updates. Therefore, the notification should not be viewed as definitive."

More on Recent 'Patch Tuesdays'

Microsoft issues 10 security bulletins, seven critical

Microsoft sets new Patch Tuesday record

Microsoft said customer feedback prompted it to "expand" its security bulletin program "to provide all customers with advance information about upcoming monthly security updates." The TechNet Security site will publish a general summary of planned patches three business days before each Patch Tuesday, which is the second Tuesday of each month.

"The advance notifications will include the number of bulletins that might be released, the anticipated severity ratings, and the products that might be affected," the company said in a statement. "The purpose of the advance notification is to assist customers with resource planning for the monthly security bulletin release. The information provided in the notification will be general and will not disclose vulnerability details or other information that could put customers at risk."

Staring in December, Microsoft said customers will be able to sign up for advance bulletin notifications by e-mail.

IT practitioners have long lamented that they never know what to expect with each monthly patch rollout. The software giant issued just one security update for August for a "moderate" Outlook Web Access flaw. But last month the company issued 10 security bulletins -- seven of them critical -- to patch a total of 22 vulnerabilities. It was a new record for the software maker's monthly patch program.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: