Article

Admins applaud Microsoft's early warning program

Margie Semilof

Every little bit helps when it comes to getting patch information early.

That's how some customers reacted to the news that Microsoft will be sending out advance warning about what patches

    Requires Free Membership to View

I had heard that the patch coming out won't affect us. So our people know they won't have to work late that night.


Jack Nielsen, desktop architecture manager, Ashland Inc.

,
will be made available on the second Tuesday of the month.

Company executives said the Security Bulletin Advanced Notification program will be open to everyone, and will be available on Microsoft's TechNet site. In December, customers will be able to sign up on the Web for advanced e-mail notification about upcoming patches. General information about planned patches will be available three business days before Patch Tuesday.

"From our perspective, it's a big plus," said Jack Nielsen, a desktop architecture manager at Ashland Inc., a petroleum products company based in Covington, Ky. "I had heard [today] that the patch coming out [this month] won't affect us. So our people know they won't have to work late that night."

Lessons learned from past exploits

Like Nielsen, plenty of customers have learned to react quickly to the critical patches, pushing them out within hours using their patch management applications. "We've

For more information

See why Microsoft's early notices level the patch playing field

 

Look back at October's record-breaking Patch Tuesday

learned our lesson from Blaster," Nielsen said.

Microsoft has been releasing patches on a monthly basis for about a year, a decision made to put some regularity in the process so customers wouldn't get caught off guard. Unfortunately, on occasion, customers are caught on Patch Tuesday with a large list of bulletins to assess.

Microsoft had been releasing information about the upcoming patches early to some large -- or premier -- customers through their account managers. Other customers were able to get the information only by signing a nondisclosure agreement before patches were released.

A Microsoft spokeswoman said the business of giving some customers early warning was just a trial, but the company has decided that the early release of this information will be too general for anyone who wants to use the information for malicious purposes.

A 'directional, not definitive' notice

The Web site will offer the patch number and its severity rating. Microsoft said the information is intended to be "directional, not definitive."

But while the early patch news is helpful, it won't really change the day-to-day dealings of the average IT manager. "It won't mean much for us," said Jim Harings, an IT manufacturer at a Milwaukee-based control systems manufacturer. "We generally take our time when patches come out. We spend two or three weeks to see if a patch fits our needs. We won't change this unless we know someone has exploited [the vulnerability]."


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: