Feeds

MS debuts 'forthcoming attractions' pre-alert alert

Alert Thursday joins patch Tuesday in BoFH calendars

  • alert
  • submit to reddit

5 things you didn’t know about cloud backup

Microsoft is to give users three working days notice about upcoming security patches. Starting this month the software giant will provide a general summary of upcoming updates just before it releases patches, an event that normally takes place on the second Tuesday of every month.

This information - the number and severity of security fixes and the products they are for - has been available for Microsoft's premium customers for over a year. Now it's extending the service to the great unwashed. Microsoft's Security Bulletin Advanced Notification program will give Microsoft shops some idea about how much work they have in front of them and thereby help to plan overtime. It might also help Microsoft fend off criticism sometimes heard during heavy patch months that it is dumping too many patches on users, all at once and with insufficient notice.

But aside from these points we can't see the pre-notice notices making a great deal of difference to either attackers or defenders of IT systems. Those on the dark side are normally all too aware about which Microsoft's products have unpatched holes without Microsoft's minimalist pre-alerts.

Microsoft published the first of these "upcoming attraction" notices today in advance of a patch to be delivered on 9 November. The lone patch next Tuesday (November 9) will be an "important" fix for Microsoft's Internet Security and Acceleration Server (ISAS) firewall and web-caching server. From next month, these alerts will also be sent out by email.

This pre-notice coincides with the launch of a Validation Program for ISAS 2004 at this week's RSA conference in Barcelona. Microsoft is working in concert with VeriTest to certify that third-party security software can work with Microsoft's firewall and web-caching server. First to come though this process is McAfee SecurityShield. Censorware software from SurfControl and load balancing technology has also been put through the certification process. By adding third-party ISV support, and signing up hardware OEMs to pre-load ISAS 2004 on appliances, Microsoft is seeking to broaden the appeal of its software and challenge traditional security firms in the firewall market.

Rich Kaplan, VP of the Security Business & Technology Unit at Microsoft, also announced the forthcoming availability of the Windows Rights Management Services (RMS) Service Pack 1 (SP1) beta. The release, due 1H2005, features smart card support and tighter integration with Active Directory as enhancements to Microsoft's product for controlling what users can do with sensitive business documents. ®

Related stories

Microsoft adds security layers to ISA Server
Seven critical in MS October patch batch
Oracle's first monthly patch batch fails to placate critics

Next gen security for virtualised datacentres

More from The Register

next story
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Linux kernel devs made to finger their dongles before contributing code
Two-factor auth enabled for Kernel.org repositories
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.