November 04, 2004, 11:41 AM — Microsoft Corp. will give customers advance notice of its monthly security updates in an effort to help them prepare to install related software patches, the company announced Thursday.
Starting this month, Microsoft will publish on its Web site a summary of planned security bulletins three days before they are released in their entirety. The summary will include information on which products are affected by updates, and severity ratings for security problems. The company normally releases security bulletins on the second Tuesday of each month. It previously offered customers who signed up through support personnel advanced notifications, but the information was not published for all customers.
"Giving customers advanced warning is really the next stage in making security more predictable," said Gytis Barzdukas, director of product management in Microsoft's Security Business and Technology Unit. With the security guidance, companies can schedule the needed IT staff for the update release day, and can prioritize their activities according to how critical the updates are, he said.
The information will be available at http://www.microsoft.com/technet/security/default.mspx.
Barzdukas spoke in a phone interview from the RSA Conference Europe 2004 in Barcelona, where Microsoft offered an update of its ongoing security efforts.
In addition to the notification service, Microsoft also said that it would deliver a beta version of its Windows Rights Management Services (RMS) Service Pack 1 (SP1) in the first half of 2005, and that it started a partner validation program for its Internet Security and Acceleration (ISA) Server 2004. The validation program aims to assure customers of the interoperability of third-party products used with ISA Server 2004, and is being run in collaboration with VeriTest testing services, Microsoft said.
Barzdukas said that the announcements were of particular interest to European users. The RMS service pack, for instance, adds improved authentication by smart cards, and the ability to be deployed without a network connection to the Internet.
"There's a lot more use of smart cards and token authentication in Europe, so we saw a lot of demand for these capabilities here," Barzdukas said. Additionally, European customers were interested in running RMS on servers not connected to the Internet, he said.
"We've moved away from the old model and are offering them control of their data on disconnected servers," Barzdukas said.
The ISA Server 2004 validation program also addresses the tendency of Europeans to use more hardware security products than North American users, Barzdukas said.
"Basically what we can do is go deeper and richer into packet inspection to help manage hardware," he said.