Tomorrow’s Microsoft “Patch Tuesday” is going to seem a little bit more confusing than past patch days for the majority of Microsoft’s customers.
“They’ve gone from free to fee, and for really no particular reason,” said Andrew Storms, vice president of security services at New Context, a San Francisco-based security consultancy, in an interview.”
Microsoft Windows administrators have been familiar with the ANS, or Advanced Notification Service emails that were sent out a head of Microsoft’s scheduled patch release date with information regarding what software was to be patched, their classification of the patch, and associated knowledge base articles. Starting with tomorrow’s patch Tuesday, Microsoft will not provide advanced notice of patches.
“Customer feedback indicates that many of our large customers no longer use ANS in the same way they did in the past due to optimized testing and deployment methodologies,” said Chris Betz, senior director at the Microsoft Security Response Center (MSRC). “While some customers still rely on ANS, the vast majority wait for Update Tuesday, or take no action, allowing updates to occur automatically.”
“Microsoft prefers to call its monthly security release “Update Tuesday,” apparently believing “Patch Tuesday” carries negative connotations.”
So, unless your organization pays for premiere support or is otherwise involved in sharing security information with Microsoft, you will no longer be receiving these email updates.
Personally, I’ve never participated in the online briefings, but I would skim the list of patches, sorry, “updates” that Microsoft would be pushing out to Microsoft Windows Update Servers (WUS) running on private networks. While I’m sad to see the email notices and blog postings go away, for small to mid-sized organizations, I’m not sure that there will be a meaningful impact on day-to-day operations. What will likely become of this is that Windows client and Windows Server administrators will need to pay more attention when testing the latest updates before deploying them on production servers.
[Via ComputerWorld.com…]