Microsoft Restricts Advanced Notification of Patch Tuesday Updates

wiredmikey writes Microsoft has decided to ditch its tradition of publicly publishing information about upcoming patches the Thursday before Patch Tuesday. The decision represents a drastic change for the company's Advance Notification Service (ANS), which was created more than a decade ago to communicate information about security updates before they were released. However, Microsoft's "Premier customers" who still want to receive information about upcoming patches will be able to get the information through their Technical Account Manager support representatives, Microsoft said.

Re:

[Anonymous Coward]

I did that and now none of my programs work!

Typical

[ITRambo]

What is the deep thinking that went into this action? Why change the established process at all if it was working? The linked article doesn't give a very good explanation. Now only a select few will get advance warning. Are they afraid that the early information might give "bad guys' a leg up, or are they putting this off to buy themselves a few more days to decide which patches are least likely to cause problems?

Re:Typical

[ganjadude]

if I had to guess, it might to be not tip off the cyber criminals using the exploits that will be patched. its the only logical reason I can think of

Re:Typical

[plebeian]

Given the number of problematic updates lately, I would be willing to bet they are getting into trouble because they have publicly committed to releasing a patch before it has completed QC testing. My two cents say that this is an effort to reduce the pressure on the testing teams in an effort to improve overall patch quality.

Re:

[ganjadude]

thats a good point as well. Making hard deadlines for software is generally a bad idea

Re:

[NatasRevol]

Good point, but it's not the testing teams. It's the dev teams. Put the onus where it should be.

Testers find bugs.
Devs create bugs.

Re:Typical

[Penguinisto]

if I had to guess, it might to be not tip off the cyber criminals using the exploits that will be patched. its the only logical reason I can think of

It is a logical reason, but it only means that the patching itself will be delayed in many cases, as testing by the end-users (well, the professional ones) won't have advanced notice to work up potential courses of action to take.

What I mean is, if a sysadmin knows there's a patch for IIS coming out, he would have a few days to at least work out a quick plan for CAB/Change-Control in order to test and implement it - now he gets to wait until Patch Tuesday to even work up a plan, because he's not going to know what's coming out and what components will be affected.

No skin offa mine (I work in the *nix world, and even my workstation is a Mac), but I can certainly see where this change would cause a bit of an inconvenience, and it wouldn't really do much more than shift the timetable over for the 0-day exploit crowd.

Re:Typical

[mark-t]

Presumably, a sysadmin in a corporate environment would get a premier account so that they *can* make such necessary plans.

No news here, really. All this is a story about is a company that's decided to charge for something they had previously been giving away for free with the expectation that they can generate more revenue.

Re:

[Anonymous Coward]

No, what you purchased was a license to use the software, you didn't purchase support.

Re:

[dissy]

Presumably, a sysadmin in a corporate environment would get a premier account so that they *can* make such necessary plans.

Presumably. This just means I will need the company to pay more than previously for the same service.

Proven fact however, the "bad guys" make much more money from their crimes than our company does legally. Rest assured that all the "bad guys" that matter already have the resources to pay for this advanced notice and nearly all will do so if they somehow are not already.

Only the script-kiddies living in the basement that mow lawns for their income will actually be locked out. Any serious actor will not.

M

Re: Typical

[tysonedwards]

It could also be an acknowledgement that newer business server environments where roll backs are more likely to be "painful" are typically run in sandboxes, be it through VMWare, Hyper-V or a handful of other tools. As such, a problematic roll-back is presently accomplished through snapshots. Where virtualization isn't employed, hopefully companies employ a prod/non-prod environment for their servers. And as far as workstations are concerned, Microsoft's default WSUS behavior has been to force manual whitel

Re:

[mark-t]

What.... like cyber criminals aren't capable of getting a premier account themselves?

People have posited plenty of plausible reasons why MS might be doing this here, but this is most certainly not one of them.

Re:Typical

[gstoddart]

"I'm glad to see that they are willing to talk about the trends they observe in the existing system, but by making this switch, Microsoft is not just cutting through the clutter, they are hiding their security report card from the general public"

Could it be as simple as PR and making it look like they patch fewer security holes?

Re:

[helix2301]

I am thinking the same thing as ganjadude it gives hackers an extra few days to exploit those holes before there patched. For security reasons I understand but people have gotten so used to the old process. I been saying for a few years now why give away the security holes before the patches come out I agree with Microsoft on this change.

Re:

[bickerdyke]

Are they afraid that the early information might give "bad guys' a leg up, or are they putting this off to buy themselves a few more days to decide which patches are least likely to cause problems?

I doubt that as the usual advance patch notes (and the patch notes themselves) were never more specific than a general "this patch fixes some errors" - specifically to avoid tipping of the bad guys.

A good reason why

[Revek]

They want to break more shit.

In other words. . .

[smooth wombat]

they're continuing their newly established tradition of hiding things from users.

Windows 7 started the trend of burying what used to be easily accessible options. What used to take 2 or 3 steps to accomplish was now, in most cases, doubled, not to mention neutering the Start menu.

Then came Windows 8/8.1 where you couldn't find anything in general, including Control Panel, because everything was a tile with some random combination of characters for a description.

Windows 10 appears to be continuing down this path though they did graciously open the desktop back to the user but still restrict what you can see in the Start menu.

Now they've gone and gotten rid of pre-notification of what the patches they're offering are all about.

At this rate, in a few years there will be nothing but a black hole from which is emitted a particle of Hawking radiation, leaving the user completely in the dark until the moment it arrives.

Re:In other words. . .

[ganjadude]

i really dont think windows 7 made it harder to find things, in fact quite the opposite. Between the expanded functionality in the start menu over XP and previous versions, and the faster indexing making search usable finally. Im with you on windows 8 however, it, to me is useless without classic shell installed

Re:

[ganjadude]

correct, the search got even better on 8 over 7, but the learning curve for where to find everything was a big changeup vs xp-7

Re:

[simplypeachy]

Search in 8 to 7 certainly was certainly wider. Unfortunately the Amazon, Bing and other retailer hits for "Control Panel", "Printers", "Word" and "mmc" were never really that helpful.

Re:

[roman_mir]

I am so glad I don't need to participate in this discussion because I am actually using Linux desktop and have been on it since early 2000s. But I did have to look at Windows past XP and my general impression of everything that is happening to Windows GUI is negative. I have nothing but negative feelings for all new versions of Windows since XP, but of-course I am not a target user anymore, but I did like XP, so that's my anecdote.

Re:

[rhodium_mir]

Whoa, this "Linux desktop" you speak of sounds revolutionary. Please tell us more!

Re:

[zacherynuk]

Win 7 didn't make it harder, but you had to jump through several more hoops to DO anything. Changing the time, creating a share etc. Or having to search for the option of turning off the fucking irritating wiggle a window to minimize all or snap to random monitor option.
MENUS work really fucking well. We shouldn't have to SEARCH for things - prime daily example for me is (Apart from everything MAC OS) is on the Server 2008 (Basically Win7) platform, I have to SEARCH for "common" to toggle "common deskto

Re:

[jones_supa]

In Windows 8 they also removed the system tray icon notifying about new updates when the option "check for new updates but let me choose when to download and install them" is selected.

Re:In other words. . .

[Anrego]

I still remember trying to set up an older printer on my mothers laptop with windows 8. I spent what felt like a half hour clicking around trying to find the damn printer settings. Eventually I gave up and googled it. The instructions on _Microsoft's_ site used the built in search feature. Even they couldn't figure out the convoluted path to the "add new printer" page. This was my first (though unfortunately not last) experience with windows 8, and subsequent exposure has not gone any better.

They've sinced changed it, but you can still use archive.org to view the old version:

Current: http://windows.microsoft.com/e... [microsoft.com]
Old: https://web.archive.org/web/20... [archive.org]

Re:

[Anonymous Coward]

Perhaps they could make the screen a big text window were we could type queries and commands all the time. MS could even provide a prompt in this window. And since we're curious of where to find some feature or action, it could be a "C" prompt - followed by a colon or other terminator.

Re:

[NatasRevol]

Those last five words...

Re:

[spire3661]

WE dont mind querying, search is awesome, but the problem is when you abstract everything away, i have no way of verifying the query. I have to trust you are showing me the right data instead of just letting me see it the traditional way. It IS a second language for us, so much so that we can easily see where the holes are.

Win Updates used to be ...

[CaptainDork]

... something that was plug and play.

I don't know what has introduced the recent sloppy roll-outs, but we've been bitten the last few months what with updates that crack part of the system whereby Microsoft pulls a patch and rolls out a patched patch.

With many computers on the line, this kind of sloppiness creates major headaches in the field and at home.

I'm advising that people wait at least one week to apply patches.so I can Google, "FUCKING PATCHES!"

If that doesn't happen, I drop the white flag and stuff

Re:

[neo-mkrey]

Microsoft laid off over half of their QA people last year, and are now reaping the results. Because, QA, who needs it? Let the users find the bugs.

Paywalling does not work

[Anonymous Coward]

Paywalling doesn't work. Mary Jo Foley will just talk to anonymous enterprise customers and run an article every week about what's in next week's patch. Right now, sites like The Consumerist are an echo chamber for what's behind the WSJ paywall. They "report" on any article behind the WSJ, reporting the few actual facts in the article and stripping out the fluff.

Ri-i-ight! That'll fix the...

[CAOgdin]

...growing problem of BadWare (see http://www.forbes.com/sites/ja... [forbes.com]) from Redmond!

Just another slip down the old rabbit hole for Microsoft, once-great company now driving by non-technical management who don't understand their business!