RealTime IT News

Microsoft Ends Exclusive Patch Peeks

Microsoft plans to open up who gets a sneak peek at its security bulletins.

The company said the preview of its upcoming security updates and patches would be available for three business days before its monthly patch update (the second Tuesday of the month). It will contain a general summary of the planned security bulletins, including the number of updates, their severity and overview of the products affected.

As first reported by internetnews.com, Microsoft has been giving only its premium customers a peek into what kind of patches would be coming out ahead of time. The year-old program was criticized by security analysts, who said all customers should be able to have access to the same security information.

During the RSA Security conference in Barcelona, Spain, Thursday, Microsoft said it would make all the previews available publicly beginning this month.

Amy Carroll of Microsoft's security, business and technology unit, said the company didn't see advanced notification as a service for its premium customers, but rather a year-long test before bringing it into the public arena. Users who weren't premium members, but who signed a non-disclosure agreement (NDA) as premium members did, were allowed to participate, she said.

The preview of upcoming updates will be available three business days -- in November's case, Friday -- before the second Tuesday of the month.

It will contain a general summary of the planned security bulletins, including the number of updates, their severity and overview of the products affected.

Microsoft customers can go here to see the summary. In December, officials will begin making advanced notifications available by e-mail. Carroll said the company is evaluating whether or not to include an RSS feed down the road.

The page already contains its first entry for the planned Nov. 9 update to Microsoft's Internet Security and Acceleration Server (ISAS).

The notice coincides with an ISAS 2004 Validation Program launched by company officials Thursday. The certification program is for ISVs to maximize ISAS compatibility with their software products. According to Microsoft's release, anti-virus player McAfee have already validated their SecurityShield service with ISAS 2004. Certification is conducted by VeriTest here.

"We're continuing to make progress," Carroll said of the company's security-related initiatives. "We've been quite clear about our commitment to security; it's important to us and to our customers. What we're seeing is good progress, certainly there's more to do. It's an industry-wide issue [but] there's a lot more that needs to be done because there's no one solution."

The company also announced in Barcelona the mid-2005 availability of Windows Rights Management Services (RMS) Service Pack 1. RMS, released earlier this year, provides policy rights for documents and the users who access those files.

In related news, security officials at Microsoft are still looking for a fix after reports surfaced on BugTraq and at Secunia Wednesday over new vulnerabilities found in Internet Explorer.