Patch Tuesday just got a little more detailed

Microsoft Corp. said customers have convinced it to flesh out the monthly advance notice of impending security updates with more information.

Beginning in June, the advanced notice will offer more detail than before, Mark Miller, director of the Microsoft Security Response Center (MSRC), said on the group’s blog. Rather than earlier bare-bones guidance, which was limited to the software affected — Windows, for instance, or Office — and the maximum severity rating of all the updates, the MSRC will now summarize each bulletin separately the Thursday before patches are issued.

“Customers have told us that additional information would be even more helpful,” said Miller.

Microsoft has been criticized at times for the sparseness of the notices, most recently last month, when it issued an out-of-cycle critical update, then released five more bulletins, four also pegged critical, a week later. Users and analysts questioned Microsoft’s rationale for not being more forthcoming about the later patches when it posted the out-of-cycle fix.

As of June 7, notices will list the maximum severity rating, vulnerability impact, affected software and necessary detection information for each bulletin scheduled to post the following Tuesday. “The new ANS [advanced notification service] is essentially a subset of the monthly bulletin summary we publish the second Tuesday of each month,” Miller said, pointing to the monthly abstract Microsoft already posts online.

In May’s roundup for instance, the “Summary” section recapped each of the month’s seven critical bulletins with a short description, severity rating, impact (such as the flaw being remotely exploitable), and affected software. The reworked notice will be posted to a different URL than in the past, added Miller.

Miller also said that the MSRC has revised the organization of security bulletins and will debut the new design next month. “Customers very clearly pointed out that they were satisfied with the level of technical detail in the bulletins but needed to be able to more quickly determine the severity of the bulletin and its applicability to their environment,” he said.

Decision-making information has been moved to the top of the bulletin, a table has replaced the list to update download links, and section titles have been edited to make them clearer.

Microsoft has posted a sample of the new bulletin layout, using a February update, on its site.

Comment: info@itbusiness.ca

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.