Article

Microsoft changes advisory release process

Shawna McAlearney, Information Security Magazine Online Editor

Security experts are lauding Microsoft's new plan to release vulnerability advisories once a month, rather than as needed on Wednesdays. Microsoft says the new monthly bulletin release cycle will add a level of predictability and manageability for customers and allow them to test and deploy patches in a timely manner.

"The number of Windows patch files is getting out of hand," says Richard M. Smith, an independent security researcher. "This is a good way of consolidating vast amounts of information."

Security bulletins will be released on the second Tuesday of every month.

"The downside is that if word gets out about a vulnerability, there's a bigger window for exploit," adds Smith. "However, Microsoft says it will continue to release patches early if users are faced by an immediate threat."

The new process will include a bulletin summary that describes issues and severity at a high level and provides pointers to the detailed security bulletin. The security bulletin and Knowledge Base article information will be merged into one comprehensive document. The bulletins will provide additional mitigations to make security response more manageable and give options beyond patching. Also, Microsoft released Windows XP Update Rollup 1 (a cumulative set of hotfixes, security patches and critical updates packaged together for easy deployment) via Windows Update.

The new security bulletin format and process applies to both the technical bulletin

    Requires Free Membership to View

and the consumer bulletin.

CEO Steve Ballmer first announced the process at Microsoft's Worldwide Partner Conference.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: