Microsoft promises fewer surprises in Patch Tuesday

Microsoft is changing the way it documents its monthly security patches.


Microsoft is changing the way it documents its monthly security patches.

Starting next month, the software giant will add more details to its Advanced Notification Alerts in order to give customers a better idea of whether they'll be rushing out software patches to their users.

Microsoft publishes these alerts five days before the security updates come out each month in order to let customers know which applications they may have to patch. The software updates and the security bulletins that accompany them are released on the second Tuesday of every month, a day known as "Patch Tuesday".

Previously the Advanced Notification alerts contained only limited details on the updates - that Microsoft would be patching at least one critical Office bug, for example - but that is now changing, according to Microsoft security program manager Mark Griesi.

The new alerts will say which versions of Microsoft products will be affected. "In the past we said, 'In Windows there will be something released,'” he said. "Now we're providing a complete summary... It will tell you what the affected software is, including the maximum severity rating."

Microsoft had previously restricted the information in these alerts to make it harder for hackers to guess where bugs might lie, he said.

The Advanced Notification changes will make it easier for administrators to plan their update roll-outs, said Richard Linke, an independent security consultant based in Chicago. "If you basically just announce the components and the security levels for us that would far better help us in planning," he said.

Microsoft revealed its plans in a blog posting. Customers will see the new documentation starting with the 7 June Advanced Notification alert.

Microsoft has also streamlined its Patch Tuesday security bulletins to make it easier for customers to figure out whether the latest patches apply to the products they are using and how serious they really are.

Microsoft published an example of the new outline on its web site.

"Recommended For You"

Microsoft to patch Windows, SQL Server & Exchange Server next week Microsoft plans six 'critical' patches next week