Microsoft will give advance notice of its monthly security updates as part of an effort to make it easier for IT managers to install software patches.
Starting this month, the company will post brief summaries of the planned security bulletins on its website three days before they're released, said Debbie Fry Wilson, director of marketing at Microsoft's Security Response Center. The summaries will include a brief description of the affected software, the severity rating assigned to each flaw and whether the patches will require systems to be rebooted. It will also send the summaries to users who register for e-mail notification.
Microsoft has been making this advance information available for some time to corporate users who sign non-disclosure agreements but it will now make them available to anyone who wants them. Why? "This is based on customer feedback," Wilson said. "We heard from our customers that this sort of early feedback would be useful for planning."
But a lot depends on the kind of information that is made available, said Mike Tindor, vice president of network operations at First Internet. "The only time I would see it as being significant is if an upcoming patch is likely to break some service or software that is currently running on a production machine," he said. "In that case, advance notice is definitely helpful so that we can plan for a work-around or an alternative method of dealing with the possible breakage."
There is however no word as yet on the huge hole in Explorer discovered last week that Microsoft is trying to keep as quiet as possible because it doesn't have a patch for it yet.