Security Advisor

Microsoft Kills Public Patch Tuesday Advance Notifications

The company cited that the general lack of interest by organizations led to the change.

Microsoft announced today that it will no longer publicly release advance notification for its monthly security update.

Typically released on the Thursday before the patch, the advance notifications provided a general breakdown of the month's security bulletins, alerting IT to which products will be receiving a fix and what the patching order should be, based off of severity levels of individual items. While the advance notifications will no longer be readily available online, some organizations will still receive the information.

"We are making changes to how we distribute ANS to customers. Moving forward, we will provide ANS information directly to Premier customers and current organizations involved in our security programs, and will no longer make this information broadly available through a blog post and Web page," wrote Chris Betz, senior director for the Microsoft Security Response Center (MSRC) in a blog post.

Betz went on to explain that the company decided to cut the service due to the small percentage of organizations that use the advance notification, saying that most will wait for the full security update breakdown that arrives with the monthly security update on the second Tuesday of every month.

"More and more customers today are seeking to cut through the clutter and obtain security information tailored to their organizations," wrote Betz. "Rather than using ANS to help plan security update deployments, customers are increasingly turning to Microsoft Update and security update management tools such as Windows Server Update Service to help organize and prioritize deployment. Customers are also moving to cloud-based systems, which provide continuous updating."

Enterprises that are enrolled in Microsoft Services Premier Support will still receive the advance notification on request.

While Microsoft is framing this change as an "evolving" step for its ANS (as evident by the Betz blog title), many IT pros don't see it in those terms. Ross Barrett, security firm Rapid 7's senior manager of security engineering, isn't pleased with the service cut. "This is an assault on IT and IT security teams everywhere," said Barrett, in an e-mailed statement. "Making this change without any lead up time is simply oblivious to the impact this will have in the real world. Microsoft is basically going back to a message of 'just blindly trust' that we will patch everything for you. Honestly, it's shocking."

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

  • How To Improve Windows 10's Sound and Video Quality

    Windows 10 comes with built-in tools that can help users get the most out of their sound and video hardware.

  • Microsoft Offers More 'Solorigate' Advice Using Microsoft 365 Defender Tools

    Microsoft issued yet another article with advice on how to use its Microsoft 365 Defender suite of tools to protect against "Solorigate" advanced persistent threat types of attacks in a Thursday announcement.

comments powered by Disqus