Microsoft plans changes to Patch Tuesday

By Robert Westervelt, News Editor 16 May 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

We've come a long way since Microsoft used to hurl these things out to us without any advance warning. Peter Gregory, senior security specialist

Additional details will include the severity rating of upcoming updates, the impact of the vulnerability and the affected software for each security bulletin. The changes are expected in June, a Microsoft spokesman said.

Microsoft is also making changes to the layout of its security bulletins in what the company said would help customers quickly determine the severity of a bulletin and its applicability to their environment. All applicable decision making information will be moved to the top of the page, creating a table of affected products with links to the download location of the updates. Section titles will also be changed to be more representative of the content under them.

Microsoft said the changes are a result of feedback from customers who said they want additional detail to help plan for timely testing and deployment.

"Customers very clearly pointed out that they were satisfied with the level of technical detail in the bulletins but needed to be able to more quickly determine the severity of the bulletin and its applicability to their environment," said Mark Miller, director of security response communications, in a posting to readers of the MSRC blog.

Some IT pros agreed that any additional information would help the planning process. Peter Gregory, a senior security specialist with a services firm in Redmond, Wash., said the updates and advance notifications have improved over time.

"Analysts can actually schedule time to do their analysis and operations can schedule maintenance windows, so it should help organizations fine tune their resource availability," Gregory said of the changes. "It is still somewhat disruptive but the advance notifications help keep the disruption and the surprise down, but we've come a long way since Microsoft used to hurl these things out to us without any advance warning."

The former location of the ANS will no longer exist. The June ANS will be available on June 7. Customers can also continue to subscribe to the ANS and other alerts, Microsoft said.

Tags: Security Patch Management,  Security Industry Market Trends, Predictions and Forecasts,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security Patch Management Squad: Tokenization, Phishing and the Feds Should management processes change based on a patch release schedule? Should Windows Mobile updates come from Microsoft? Adobe updates ColdFusion, JRun, Flex Trusteer CEO criticizes Adobe, touts better patch deployments Patch management study shows IT taking significant risks Vulnerability mitigation study shows need for faster patching Microsoft to issue security report card, new tool at Black Hat How to manage patches for Adobe When is it suitable to remove Java updates? Security Industry Market Trends, Predictions and Forecasts Healthcare security spending remains sluggish, report shows How to use Internet security threat reports M86 buys Web security gateway vendor Finjan Information Security Decisions 2009: Presentation downloads Bruce Schneier on outsourcing, awareness training Marcus Ranum on cyberwarfare, infosec careers McAfee survey finds faults in midmarket enterprise security Email archiving vendor sues Gartner over Magic Quadrant Information Security magazine October issue PDF Editor's Desk: Security 7 Winners Chronicle Trends That Shape The Industry Security Industry Market Trends, Predictions and Forecasts Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary attack vector  (SearchSecurity.com) back door  (SearchSecurity.com) ethical worm  (SearchSecurity.com) Patch Tuesday  (SearchSecurity.com) zero-day exploit  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary