News Stay informed about the latest enterprise technology news and product updates.

Admins applaud Microsoft's early warning program

IT organizations will now be able to better assess threats and allocate resources before security patches are released.

Every little bit helps when it comes to getting patch information early.

That's how some customers reacted to the news that Microsoft will be sending out advance warning about what patches

I had heard that the patch coming out won't affect us. So our people know they won't have to work late that night.

Jack Nielsen, desktop architecture manager, Ashland Inc.

will be made available on the second Tuesday of the month.

Company executives said the Security Bulletin Advanced Notification program will be open to everyone, and will be available on Microsoft's TechNet site. In December, customers will be able to sign up on the Web for advanced e-mail notification about upcoming patches. General information about planned patches will be available three business days before Patch Tuesday.

"From our perspective, it's a big plus," said Jack Nielsen, a desktop architecture manager at Ashland Inc., a petroleum products company based in Covington, Ky. "I had heard [today] that the patch coming out [this month] won't affect us. So our people know they won't have to work late that night."

Lessons learned from past exploits

Like Nielsen, plenty of customers have learned to react quickly to the critical patches, pushing them out within hours using their patch management applications. "We've

For more information

See why Microsoft's early notices level the patch playing field


Look back at October's record-breaking Patch Tuesday

learned our lesson from Blaster," Nielsen said.

Microsoft has been releasing patches on a monthly basis for about a year, a decision made to put some regularity in the process so customers wouldn't get caught off guard. Unfortunately, on occasion, customers are caught on Patch Tuesday with a large list of bulletins to assess.

Microsoft had been releasing information about the upcoming patches early to some large -- or premier -- customers through their account managers. Other customers were able to get the information only by signing a nondisclosure agreement before patches were released.

A Microsoft spokeswoman said the business of giving some customers early warning was just a trial, but the company has decided that the early release of this information will be too general for anyone who wants to use the information for malicious purposes.

A 'directional, not definitive' notice

The Web site will offer the patch number and its severity rating. Microsoft said the information is intended to be "directional, not definitive."

But while the early patch news is helpful, it won't really change the day-to-day dealings of the average IT manager. "It won't mean much for us," said Jim Harings, an IT manufacturer at a Milwaukee-based control systems manufacturer. "We generally take our time when patches come out. We spend two or three weeks to see if a patch fits our needs. We won't change this unless we know someone has exploited [the vulnerability]."

Dig Deeper on Windows Server troubleshooting

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.