News Stay informed about the latest enterprise technology news and product updates.

Microsoft updates patch progress

Microsoft is going to bring order to the chaos that is Windows patch management. So says company security chief Scott Charney. The plan will reduce the number of patch installer tools from eight to two by year end.

DALLAS –- Microsoft Corp.'s top security chief this week gave customers an update on the company's patch management...

overhaul, a move that began last September.

At the annual TechEd conference, Scott Charney, Microsoft's chief security strategist, said that the company has developed a common nomenclature across its product groups and completed a road map toward the goal of making patch delivery and installation easier for customers.

Most immediately, Microsoft will reduce the number of patch installers from eight to two; that change is slated to happen by the end of this year. Additionally, the company plans to have only one installer by 2005, or whenever the Longhorn version of Windows ships.

Charney said that he convenes a patch management working group that meets once a month. The company developed a white paper with guidance for customers; it will be available in about one month, he said. Going forward, any new patch must work with Microsoft Installer (MSI) or update EXE, which registers the patch with the operating system. The company is also working on reducing the size and improving the overall quality of its patches, Charney said.

Last fall, Bill Anderson, product manager in Microsoft's management business group, said that the company would turn its attention to helping customers wade through the confusing mire of patches. At that time, each of the different product groups at Microsoft had its own way of developing and delivering patches. Customers received hotfixes, service packs, service releases, critical updates and patches, but there was no clear way to know what was in each release.

For many customers, there is no bigger problem when it comes to Windows administration. "This is the No. 1 issue [Microsoft] needs to resolve," said Douglas Spindler, Active Directory project coordinator at Berkeley National Laboratory. "They should devote whatever resources it takes to make patch management something you don't think about."

Charney said that Microsoft developers met last week to discuss how to migrate the old installers to the new ones. The company is also discussing how to better deliver patches to customers.

In the past, IT administrators would check Microsoft's Web site periodically to see whether new patches were ready. That method of notification was upgraded to e-mail notification, but the company then decided to release patches only on Wednesdays. Microsoft then became concerned that its Web servers would be overwhelmed by customers downloading patches, so it decided to add more servers and load balancing, Charney said.

The company is now running a pilot project where it hosts a conference call each Thursday with a select group of customers who have downloaded patches the previous Wednesday. Charney also meets twice per year with a chief security officer's council consisting of CSOs from 30 companies.

Today, Microsoft makes several of its own patch management tools, including Software Update Services, which updates Windows, and the Microsoft Baseline Security Analyzer, which identifies misconfigurations and scans for missing hotfixes. Earlier this year, Mike Nash, corporate vice president of Microsoft's security business unit, said that both products would be updated later in 2003.


Admins: MS should be more flexible with patch management apps

Four ways to sell a patch management strategy

Pick your patch management product -- admins enjoy choices

Dig Deeper on Windows Operating System Management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.