News Stay informed about the latest enterprise technology news and product updates.

Microsoft launches Patch Tuesday advisory release process

Experts are behind Microsoft's plan to release security alerts on a monthly cycle.

Security experts are lauding Microsoft's new plan to release vulnerability advisories once a month, rather than as needed on Wednesdays. Microsoft says the new monthly bulletin release cycle will add a level of predictability and manageability for customers and allow them to test and deploy patches in a timely manner.

"The number of Windows patch files is getting out of hand," says Richard M. Smith, an independent security researcher. "This is a good way of consolidating vast amounts of information."

Security bulletins will be released on the second Tuesday of every month.

"The downside is that if word gets out about a vulnerability, there's a bigger window for exploit," adds Smith. "However, Microsoft says it will continue to release patches early if users are faced by an immediate threat."

The new process will include a bulletin summary that describes issues and severity at a high level and provides pointers to the detailed security bulletin. The security bulletin and Knowledge Base article information will be merged into one comprehensive document. The bulletins will provide additional mitigations to make security response more manageable and give options beyond patching. Also, Microsoft released Windows XP Update Rollup 1 (a cumulative set of hotfixes, security patches and critical updates packaged together for easy deployment) via Windows Update.

The new security bulletin format and process applies to both the technical bulletin and the consumer bulletin.

CEO Steve Ballmer first announced the process at Microsoft's Worldwide Partner Conference.

Dig Deeper on Microsoft Patch Tuesday and patch management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.