Additional details will include the severity rating of upcoming updates, the impact of the vulnerability and the affected software for each security bulletin. The changes are expected in June, a Microsoft spokesman said.
Microsoft is also making changes to the layout of its security bulletins in what the company said would help customers quickly determine the severity of a bulletin and its applicability to their environment. All applicable decision making information will be moved to the top of the page, creating a table of affected products with links to the download location of the updates. Section titles will also be changed to be more representative of the content under them.
Microsoft said the changes are a result of feedback from customers who said they want additional detail to help plan for timely testing and deployment.
"Customers very clearly pointed out that they were satisfied with the level of technical detail in the bulletins but needed to be able to more quickly determine the severity of the bulletin and its applicability to their environment," said Mark Miller, director of security response communications, in a posting to readers of the MSRC blog.
Some IT pros agreed that any additional information would help the planning process. Peter Gregory, a senior security specialist with a services firm in Redmond, Wash., said the updates and advance notifications have improved over time.
"Analysts can actually schedule time to do their analysis and operations can schedule maintenance windows, so it should help organizations fine tune their resource availability," Gregory said of the changes. "It is still somewhat disruptive but the advance notifications help keep the disruption and the surprise down, but we've come a long way since Microsoft used to hurl these things out to us without any advance warning."