Microsoft Opens Access to Vulnerability Notifications

← Back to Stories (view on slashdot.org)

Microsoft Opens Access to Vulnerability Notifications

Posted by CowboyNeal on Thursday November 4, 2004 @11:09PM from the open-doors dept.

joseph schmo writes "Microsoft has announced that it will throw open the floodgates of vulnerability notifications for everyone who wants them. Previously, it was only offering early notifications to 'Premier and other 'representative' customers,' or those customers who would sign a Non-disclosure statement."

8 of 104 comments (clear)

So? by Anonymous Coward · 2004-11-04 23:11 · Score: 5, Funny

Just set a Slashdot RSS up? Does the same thing!
Slashdotted by PhrostyMcByte · 2004-11-04 23:13 · Score: 5, Informative

It was probably talking about this.
Working links by DeadSea · 2004-11-04 23:17 · Score: 5, Informative
Get your early warnings here:
Microsoft Security Bulletin Advance Notification
Another news story about it:
- Information Week - Microsoft To Issue Early Warnings For Patch Tuesday Nov. 4, 2004 - The software maker will provide a summary of planned security bulletins three days in advance.
They were just jealous by thewonderllama.com · 2004-11-04 23:18 · Score: 5, Funny

BitTorrent traffic down to 33% of all internet traffic.... 28%... 22%... ~BS

--
Home of the EULA shirt
Re:Self Discipline? by blowdart · 2004-11-04 23:28 · Score: 5, Insightful

MS will be forcing itself not to become complacent and hide behind the obscurity of a vulnerability that may not be known, but instead will have to deal with the vulnerability in the correct way - fixing the thing.
Hold on. By giving a summary of fixes coming up, thus indicating the fix is already there does not change anything, or do what you suggest. This is not full disclosure of unfixed problems.
All that's happening is you'll get advanced summaries of what the monthly security updates will contain. They've already fixed it when this happens.
That's Good... by gowen · 2004-11-04 23:30 · Score: 5, Funny

... because before I was having to use an unpatched backdoor in IIS in order to access the webpages detailing the latest vulnerabilities.

--
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
Re:Who cares? by julesh · 2004-11-04 23:52 · Score: 5, Interesting

I'm fine with the automatic Windows update!

That's what I thought until it stopped downloading patches for me without notification or error message (turns out I had failed to download an update that was labelled as non-critical which included a patch for BITS, which automatic update relies on, and it therefore stopped working... apply that patch and suddenly I had about two months' worth of critical updates coming down all at at once).
No real difference by dcam · 2004-11-05 00:14 · Score: 5, Insightful

From the Article all this means that you get an extra 3 days notice before the monthly release of security bulletins. What is the point of that?

The problem with the new MS regime of patching cycle is that they did not release information as it became available to them. Microsoft should release patches as soon as they are available, not on a monthly cycle. The current MS situation means that you arr vulernable for up to a month (if not more).

Microsoft's initial assumtion that virus's & scripts are released only when the patch is release is largely flawed.

--
meh