http://www.computerworld.com/securitytopics/security/story/0,10801,97221,00.html By Scarlet Pruitt NOVEMBER 04, 2004 IDG NEWS SERVICE Microsoft Corp. will give customers advance notice of its monthly security updates in an effort to help them prepare to install related software patches, the company announced today. Starting this month, Microsoft will publish on its Web site a summary of planned security bulletins three days before they are released in their entirety. The summary will include information on which products are affected by updates, and severity ratings for security problems. The company normally releases security bulletins on the second Tuesday of each month. It previously offered advanced notifications to customers who signed up through support personnel, but the information was not published for all customers. "Giving customers advanced warning is really the next stage in making security more predictable," said Gytis Barzdukas, director of product management in Microsoft's Security Business and Technology Unit. With the security guidance, companies can schedule the needed IT staff for the update release day, and can prioritize their activities according to how critical the updates are, he said. The information will be available at www.microsoft.com/technet/security/default.mspx. Barzdukas spoke in a phone interview from the RSA Conference Europe 2004 in Barcelona, Spain, where Microsoft offered an update of its ongoing security efforts. In addition to the notification service, Microsoft also said it would deliver a beta version of its Windows Rights Management Services (RMS) Service Pack 1 in the first half of 2005, and has started a partner validation program for its Internet Security and Acceleration Server 2004. The validation program aims to assure customers of the interoperability of third-party products used with ISA Server 2004, and is being run in collaboration with VeriTest testing services, Microsoft said. Barzdukas said that the announcements are of particular interest to European users. The RMS service pack, for instance, adds improved authentication by smart cards and the ability to be deployed without a network connection to the Internet. "There's a lot more use of smart cards and token authentication in Europe, so we saw a lot of demand for these capabilities here," Barzdukas said. European customers were also interested in running RMS on servers not connected to the Internet. "We've moved away from the old model and are offering them control of their data on disconnected servers," Barzdukas said. The ISA Server 2004 validation program also addresses the tendency of Europeans to use more hardware security products than North American users, Barzdukas said. "Basically what we can do is go deeper and richer into packet inspection to help manage hardware," he said. The announcements today come as part of increasing efforts by the software maker to show that it is serious about security. Earlier this year it delivered the much-anticipated Windows XP Service Pack 2, which Barzdukas dubbed as the "largest automatic download of technology ever." Since its August launch, more than 110 million customers have downloaded Service Pack 2, Microsoft said today. _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Fri Nov 05 2004 - 03:06:34 PST