Every little bit helps when it comes to getting patch information early.
That's how some customers reacted to the news that Microsoft will be sending out advance warning about what patches
Company executives said the Security Bulletin Advanced Notification program will be open to everyone, and will be available on Microsoft's TechNet site. In December, customers will be able to sign up on the Web for advanced e-mail notification about upcoming patches. General information about planned patches will be available three business days before Patch Tuesday.
"From our perspective, it's a big plus," said Jack Nielsen, a desktop architecture manager at Ashland Inc., a petroleum products company based in Covington, Ky. "I had heard [today] that the patch coming out [this month] won't affect us. So our people know they won't have to work late that night."
Lessons learned from past exploits
Like Nielsen, plenty of customers have learned to react quickly to the critical patches, pushing them out within hours using their patch management applications. "We've
Microsoft has been releasing patches on a monthly basis for about a year, a decision made to put some regularity in the process so customers wouldn't get caught off guard. Unfortunately, on occasion, customers are caught on Patch Tuesday with a large list of bulletins to assess.
Microsoft had been releasing information about the upcoming patches early to some large -- or premier -- customers through their account managers. Other customers were able to get the information only by signing a nondisclosure agreement before patches were released.
A Microsoft spokeswoman said the business of giving some customers early warning was just a trial, but the company has decided that the early release of this information will be too general for anyone who wants to use the information for malicious purposes.
A 'directional, not definitive' notice
The Web site will offer the patch number and its severity rating. Microsoft said the information is intended to be "directional, not definitive."
But while the early patch news is helpful, it won't really change the day-to-day dealings of the average IT manager. "It won't mean much for us," said Jim Harings, an IT manufacturer at a Milwaukee-based control systems manufacturer. "We generally take our time when patches come out. We spend two or three weeks to see if a patch fits our needs. We won't change this unless we know someone has exploited [the vulnerability]."