Microsoft plans changes to Patch Tuesday

By Robert Westervelt, News Editor 16 May 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

We've come a long way since Microsoft used to hurl these things out to us without any advance warning. Peter Gregory, senior security specialist

Additional details will include the severity rating of upcoming updates, the impact of the vulnerability and the affected software for each security bulletin. The changes are expected in June, a Microsoft spokesman said.

Microsoft is also making changes to the layout of its security bulletins in what the company said would help customers quickly determine the severity of a bulletin and its applicability to their environment. All applicable decision making information will be moved to the top of the page, creating a table of affected products with links to the download location of the updates. Section titles will also be changed to be more representative of the content under them.

Microsoft said the changes are a result of feedback from customers who said they want additional detail to help plan for timely testing and deployment.

"Customers very clearly pointed out that they were satisfied with the level of technical detail in the bulletins but needed to be able to more quickly determine the severity of the bulletin and its applicability to their environment," said Mark Miller, director of security response communications, in a posting to readers of the MSRC blog.

Some IT pros agreed that any additional information would help the planning process. Peter Gregory, a senior security specialist with a services firm in Redmond, Wash., said the updates and advance notifications have improved over time.

"Analysts can actually schedule time to do their analysis and operations can schedule maintenance windows, so it should help organizations fine tune their resource availability," Gregory said of the changes. "It is still somewhat disruptive but the advance notifications help keep the disruption and the surprise down, but we've come a long way since Microsoft used to hurl these things out to us without any advance warning."

The former location of the ANS will no longer exist. The June ANS will be available on June 7. Customers can also continue to subscribe to the ANS and other alerts, Microsoft said.

Tags: Security Patch Management,  Security Industry Market Trends, Predictions and Forecasts,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security Patch Management Adobe fixes critical Shockwave Flash Player flaw Mozilla patches 11 Firefox security flaws, JavaScript errors Microsoft patches WebDAV security vulnerability in bevy of updates Adobe issues first quarterly patch release fixing 13 flaws Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities Adobe shifts to Microsoft patching process, incident response plan Software delivery could fix software patching issues Microsoft updates Office to address serious PowerPoint vulnerabilities Microsoft to patch critical PowerPoint zero-day flaw Firefox update addresses several security flaws Security Industry Market Trends, Predictions and Forecasts Cybersecurity czar candidate questions clout of new position Gartner sees better days ahead for security budgets Sophos CEO on Symantec, McAfee after Utimaco acquisition WH cybersecurity plan needs private sector guidance Obama announces creation of cybersecurity coordinator position Security budgets take hit in media, tech industry, survey finds Cybersecurity Act of 2009: Power grab, or necessary step? Opinion: Gartner gets NAC wrong, again Cloud computing security group releases report outlining trouble areas White House cybersecurity advisor calls for public-private cooperation Security Industry Market Trends, Predictions and Forecasts Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary attack vector  (SearchSecurity.com) back door  (SearchSecurity.com) ethical worm  (SearchSecurity.com) Patch Tuesday  (SearchSecurity.com) zero-day exploit  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary