[ISN] Microsoft to help users prep for patching

[InfoSec News]

http://www.computerworld.com/securitytopics/security/story/0,10801,97221,00.html

By Scarlet Pruitt
NOVEMBER 04, 2004
IDG NEWS SERVICE

Microsoft Corp. will give customers advance notice of its monthly
security updates in an effort to help them prepare to install related
software patches, the company announced today.

Starting this month, Microsoft will publish on its Web site a summary
of planned security bulletins three days before they are released in
their entirety. The summary will include information on which products
are affected by updates, and severity ratings for security problems.  
The company normally releases security bulletins on the second Tuesday
of each month. It previously offered advanced notifications to
customers who signed up through support personnel, but the information
was not published for all customers.

"Giving customers advanced warning is really the next stage in making
security more predictable," said Gytis Barzdukas, director of product
management in Microsoft's Security Business and Technology Unit. With
the security guidance, companies can schedule the needed IT staff for
the update release day, and can prioritize their activities according
to how critical the updates are, he said.

The information will be available at
www.microsoft.com/technet/security/default.mspx.

Barzdukas spoke in a phone interview from the RSA Conference Europe
2004 in Barcelona, Spain, where Microsoft offered an update of its
ongoing security efforts.

In addition to the notification service, Microsoft also said it would
deliver a beta version of its Windows Rights Management Services (RMS)  
Service Pack 1 in the first half of 2005, and has started a partner
validation program for its Internet Security and Acceleration Server
2004. The validation program aims to assure customers of the
interoperability of third-party products used with ISA Server 2004,
and is being run in collaboration with VeriTest testing services,
Microsoft said.

Barzdukas said that the announcements are of particular interest to
European users. The RMS service pack, for instance, adds improved
authentication by smart cards and the ability to be deployed without a
network connection to the Internet.

"There's a lot more use of smart cards and token authentication in
Europe, so we saw a lot of demand for these capabilities here,"  
Barzdukas said. European customers were also interested in running RMS
on servers not connected to the Internet.

"We've moved away from the old model and are offering them control of
their data on disconnected servers," Barzdukas said.

The ISA Server 2004 validation program also addresses the tendency of
Europeans to use more hardware security products than North American
users, Barzdukas said. "Basically what we can do is go deeper and
richer into packet inspection to help manage hardware," he said.

The announcements today come as part of increasing efforts by the
software maker to show that it is serious about security. Earlier this
year it delivered the much-anticipated Windows XP Service Pack 2,
which Barzdukas dubbed as the "largest automatic download of
technology ever."

Since its August launch, more than 110 million customers have
downloaded Service Pack 2, Microsoft said today.