Revamping the Security Bulletin Release Process [PLEASE READ]

From: Bill Sanderson (Bill_Sanderson_at_msn.com.plugh.org)
Date: 10/15/03


Date: Wed, 15 Oct 2003 13:39:31 -0400

Community Bulletin
Revamping the Security Bulletin Release Process * October 15, 2003

In response to extensive customer feedback, Microsoft is implementing
changes in the way security bulletins are released. A detailed white
paper about the changes that are being implemented can be found at
http://www.microsoft.com/technet/security/bulletin/revsbwp.asp.

Security bulletins will normally be released on the second calendar
Tuesday of every month. However, the first monthly bulletins will be
released on Wednesday, October 15, 2003.

As before, Microsoft will issue a single security bulletin per patch. An
additional security bulletin summary document per product family will be
issued that will provide summarized information for all the patches
released that month for the product family. Microsoft will also provide
additional prescriptive guidance within the security bulletins including
workarounds for all vulnerabilities where a workaround is feasible,
risk-assessment for specific threats, and other information that will
make it easier for customers to evaluate and deploy the patches. A
Knowledge Base article for every patch will be created that will provide
a link to the corresponding security bulletin without duplicating the
same information.

The new security bulletin format and process applies to both the
technical bulletin (targeted at IT Pros and other technical users) and
the consumer bulletin (targeted at the non-technical users). The primary
differences are in the level of technical details and that the consumer
bulletin will be limited to Windows and Office patches.

Microsoft currently provides customers with a number of tools and
resources to help manage the complex task of patch management and
deployment. These tools and resources are located at
http://www.microsoft.com/technet/security. Microsoft also provides clear
product lifecycle policies (http://www.microsoft.com/lifecycle) so
customers are able to plan on the availability of security patches for
supported software products.

Customers using Microsoft's patch management and deployment tools such
as SMS (Systems Management Server) with Feature Pack 3, SUS (Software
Update Services), MBSA (Microsoft Baseline Security Analyzer), Windows
Update and Office Update will not need to upgrade or replace their tools
to continue using them.

Customers using non-Microsoft patch management and deployment products
will need to work with their vendors to ensure that their products
continue to function with the new process.

Jerry Bryant - PM
Microsoft IT Communities - Security


