Slashdot Mirror


Microsoft Restricts Advanced Notification of Patch Tuesday Updates

wiredmikey writes Microsoft has decided to ditch its tradition of publicly publishing information about upcoming patches the Thursday before Patch Tuesday. The decision represents a drastic change for the company's Advance Notification Service (ANS), which was created more than a decade ago to communicate information about security updates before they were released. However, Microsoft's "Premier customers" who still want to receive information about upcoming patches will be able to get the information through their Technical Account Manager support representatives, Microsoft said.

57 comments

  1. Typical by ITRambo · · Score: 5, Insightful

    What is the deep thinking that went into this action? Why change the established process at all if it was working? The linked article doesn't give a very good explanation. Now only a select few will get advance warning. Are they afraid that the early information might give "bad guys" a leg up, or are they putting this off to buy themselves a few more days to decide which patches are least likely to cause problems?

    1. Re:Typical by ganjadude · · Score: 4, Interesting

      If I had to guess, it might be to not tip off the cyber criminals using the exploits that will be patched. It's the only logical reason I can think of.

      --
      have you seen my sig? there are many others like it but none that are the same
    2. Re:Typical by gstoddart · · Score: 3, Insightful

      "I'm glad to see that they are willing to talk about the trends they observe in the existing system, but by making this switch, Microsoft is not just cutting through the clutter, they are hiding their security report card from the general public"

      Could it be as simple as PR and making it look like they patch fewer security holes?

      --
      Lost at C:>. Found at C.
    3. Re:Typical by plebeian · · Score: 4, Insightful

      Given the number of problematic updates lately, I would be willing to bet they are getting into trouble because they have publicly committed to releasing a patch before it has completed QC testing. My two cents say that this is an effort to reduce the pressure on the testing teams in an effort to improve overall patch quality.

      --
      "I myself am made entirely of flaws, stitched together with good intentions."
    4. Re:Typical by Anonymous Coward · · Score: 0

      Now only a select few will get advance warning.

      Rephrase it as "now you need to purchase a premier membership to get advance warning" and it makes monetary sense.

    5. Re:Typical by Penguinisto · · Score: 4, Insightful

      If I had to guess, it might be to not tip off the cyber criminals using the exploits that will be patched. It's the only logical reason I can think of.

      It is a logical reason, but it only means that the patching itself will be delayed in many cases, as testing by the end-users (well, the professional ones) won't have advanced notice to work up potential courses of action to take.

      What I mean is, if a sysadmin knows there's a patch for IIS coming out, he would have a few days to at least work out a quick plan for CAB/Change-Control in order to test and implement it - now he gets to wait until Patch Tuesday to even work up a plan, because he's not going to know what's coming out and what components will be affected.

      No skin offa mine (I work in the *nix world, and even my workstation is a Mac), but I can certainly see where this change would cause a bit of an inconvenience, and it wouldn't really do much more than shift the timetable over for the 0-day exploit crowd.

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    6. Re:Typical by helix2301 · · Score: 1

      I am thinking the same thing as ganjadude: it gives hackers an extra few days to exploit those holes before they're patched. For security reasons I understand, but people have gotten so used to the old process. I've been saying for a few years now, why give away the security holes before the patches come out? I agree with Microsoft on this change.

    7. Re:Typical by bickerdyke · · Score: 1

      Are they afraid that the early information might give "bad guys" a leg up, or are they putting this off to buy themselves a few more days to decide which patches are least likely to cause problems?

      I doubt that, as the usual advance patch notes (and the patch notes themselves) were never more specific than a general "this patch fixes some errors" - specifically to avoid tipping off the bad guys.

      --
      bickerdyke
    8. Re:Typical by mark-t · · Score: 2

      What.... like cyber criminals aren't capable of getting a premier account themselves?

      People have posited plenty of plausible reasons why MS might be doing this here, but this is most certainly not one of them.

    9. Re:Typical by mark-t · · Score: 4, Insightful

      Presumably, a sysadmin in a corporate environment would get a premier account so that they *can* make such necessary plans.

      No news here, really. All this is a story about is a company that's decided to charge for something they had previously been giving away for free with the expectation that they can generate more revenue.

    10. Re: Typical by tysonedwards · · Score: 1

      It could also be an acknowledgement that newer business server environments where rollbacks are more likely to be "painful" are typically run in sandboxes, be it through VMware, Hyper-V or a handful of other tools. As such, a problematic rollback is presently accomplished through snapshots. Where virtualization isn't employed, hopefully companies employ a prod/non-prod environment for their servers. And as far as workstations are concerned, Microsoft's default WSUS behavior has been to force manual whitelisting of updates for deployment; as such it is the responsibility of administration staff to test said updates as they would anything that they choose to push to machines that they are responsible for, so as to reduce the likelihood of having their whole organization sitting on their hands for a day or two while they scramble to fix. Microsoft's change, while annoying for process compliance within organizations, makes some sense in a roundabout way as it forces people to test before deployment into their networks under the guise of "ZOMFG SCARY!"

      --
      Thirty four characters live here.
    11. Re:Typical by Anonymous Coward · · Score: 0

      You can self-register at http://mybulletins.technet.microsoft.com/, even if you are a bad guy.

      FWIW, the interface sucks.

    12. Re:Typical by ganjadude · · Score: 2, Informative

      That's a good point as well. Making hard deadlines for software is generally a bad idea.

      --
      have you seen my sig? there are many others like it but none that are the same
    13. Re:Typical by NatasRevol · · Score: 1

      Good point, but it's not the testing teams. It's the dev teams. Put the onus where it should be.

      Testers find bugs.
      Devs create bugs.

      --
      There are two types of people in the world: Those who crave closure
    14. Re:Typical by Anonymous Coward · · Score: 0

      if you think the crooks won't know what fixes are coming and won't be able to plan and act accordingly, i've got some oceanfront property in arizona to sell you.

    15. Re:Typical by Anonymous Coward · · Score: 0

      All this is a story about is a company that's decided to charge for something they had previously been giving away for free with the expectation that they can generate more revenue.

      Free? I paid for my copy of windows, when I bought it, this was a part of what I purchased.

    16. Re:Typical by dissy · · Score: 1

      Presumably, a sysadmin in a corporate environment would get a premier account so that they *can* make such necessary plans.

      Presumably. This just means I will need the company to pay more than previously for the same service.

      Proven fact however, the "bad guys" make much more money from their crimes than our company does legally. Rest assured that all the "bad guys" that matter already have the resources to pay for this advanced notice and nearly all will do so if they somehow are not already.

      Only the script-kiddies living in the basement that mow lawns for their income will actually be locked out. Any serious actor will not.

      Microsoft just made it a priority to release patch and thus exploit details to the blackhats ahead of most of their legitimate customers.

      *slow golf clap*

      If you are going to help the "bad guys" at the expense of the "good guys", why bother patching any exploit ever?? The exact same end result, but less time, money, and effort needed by MS employees.

    17. Re:Typical by Anonymous Coward · · Score: 1

      No, what you purchased was a license to use the software, you didn't purchase support.

    18. Re:Typical by Anonymous Coward · · Score: 0

      What is the deep thinking that went into this action? Why change the established process at all if it was working?

      One of the possible reasons could be Canada's antispam law. https://krebsonsecurity.com/2014/06/microsoft-kills-security-emails-blames-canada/. Initially it was going to happen half a year ago, but Microsoft backed away. Dunno if there have been some new developments.

    19. Re:Typical by Anonymous Coward · · Score: 0

      Because they choose to.

  2. A good reason why by Revek · · Score: 1, Insightful

    They want to break more shit.

  3. Throwing things at the wall, seeing what sticks by Anonymous Coward · · Score: 0

    One part of Microsoft is being good and open sourcing a lot of things and generally being developer friendly. The other part is continuing its evil and monopolistic history, like only rewarding "premium" (aka those who pay through the nose) customers with vital patching information. It's obvious MS is desperate, so they are trying everything and anything that seems to work, that's what they will stick to. Only problem is, this strategy will lead to failure. Imagine a three-legged race with two kids tied together both trying to run in opposite directions. That's MS at the point. As we both know, of course, what will happen is not that one kid will pull the other across the field, but rather that both will topple over and lose. Such a shame MS will never see this and keep on cluelessly flailing until they finally keel over.

    Oh, how the great* have fallen.

    *great in economic terms, not moral terms

  4. In other words. . . by smooth+wombat · · Score: 4, Insightful

    they're continuing their newly established tradition of hiding things from users.

    Windows 7 started the trend of burying what used to be easily accessible options. What used to take 2 or 3 steps to accomplish was now, in most cases, doubled, not to mention neutering the Start menu.

    Then came Windows 8/8.1 where you couldn't find anything in general, including Control Panel, because everything was a tile with some random combination of characters for a description.

    Windows 10 appears to be continuing down this path though they did graciously open the desktop back to the user but still restrict what you can see in the Start menu.

    Now they've gone and gotten rid of pre-notification of what the patches they're offering are all about.

    At this rate, in a few years there will be nothing but a black hole from which is emitted a particle of Hawking radiation, leaving the user completely in the dark until the moment it arrives.

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
    1. Re:In other words. . . by ganjadude · · Score: 4, Interesting

      I really don't think Windows 7 made it harder to find things, in fact quite the opposite. Between the expanded functionality in the start menu over XP and previous versions, and the faster indexing making search usable finally. I'm with you on Windows 8 however; it, to me, is useless without Classic Shell installed.

      --
      have you seen my sig? there are many others like it but none that are the same
    2. Re:In other words. . . by jones_supa · · Score: 2

      In Windows 8 they also removed the system tray icon notifying about new updates when the option "check for new updates but let me choose when to download and install them" is selected.

    3. Re:In other words. . . by Anonymous Coward · · Score: 0

      At this rate, in a few years there will be nothing but a black hole from which is emitted a particle of Hawking radiation, leaving the user completely in the dark until the moment it arrives.

      That's the necessary preparation for the coming age of quantum computing on the desktop and mobile. The singularities will take a heavy toll on walkways everywhere.

    4. Re:In other words. . . by Anonymous Coward · · Score: 0

      It's the exact same as Windows 7 though, at least as of 8.1. Just start typing at the start menu/screen and you'll quickly find what you're looking for, whether it's a program, file, or setting.

    5. Re:In other words. . . by Anrego · · Score: 3, Interesting

      I still remember trying to set up an older printer on my mother's laptop with Windows 8. I spent what felt like a half hour clicking around trying to find the damn printer settings. Eventually I gave up and googled it. The instructions on _Microsoft's_ site used the built-in search feature. Even they couldn't figure out the convoluted path to the "add new printer" page. This was my first (though unfortunately not last) experience with Windows 8, and subsequent exposure has not gone any better.

      They've since changed it, but you can still use archive.org to view the old version:

      Current: http://windows.microsoft.com/e...
      Old: https://web.archive.org/web/20...

    6. Re:In other words. . . by ganjadude · · Score: 1

      correct, the search got even better on 8 over 7, but the learning curve for where to find everything was a big changeup vs xp-7

      --
      have you seen my sig? there are many others like it but none that are the same
    7. Re:In other words. . . by Anonymous Coward · · Score: 0

      Windows 7 started the trend of burying what used to be easily accessible options. What used to take 2 or 3 steps to accomplish was now, in most cases, doubled, not to mention neutering the Start menu.

      Then came Windows 8/8.1 where you couldn't find anything in general, including Control Panel, because everything was a tile with some random combination of characters for a description.

      The instructions on _Microsoft's_ site used the built in search feature. Even they couldn't figure out the convoluted path to the "add new printer" page. This was my first (though unfortunately not last) experience with windows 8, and subsequent exposure has not gone any better

      I don't get why everyone is complaining about the layout in Windows 8. It's really easy to find all those things that the parent and grandparent are talking about. All you have to do is hit the Windows key and type 'Printer' or 'Update' or 'Control Panel'. I, personally, think that is a lot easier than digging around menus and clicks just to get what you are looking for.

      I would think this day and age querying for things should be second language for those who use technology.

    8. Re:In other words. . . by simplypeachy · · Score: 1

      Search in 8 to 7 was certainly wider. Unfortunately the Amazon, Bing and other retailer hits for "Control Panel", "Printers", "Word" and "mmc" were never really that helpful.

    9. Re:In other words. . . by Anonymous Coward · · Score: 1

      Perhaps they could make the screen a big text window where we could type queries and commands all the time. MS could even provide a prompt in this window. And since we're curious of where to find some feature or action, it could be a "C" prompt - followed by a colon or other terminator.

    10. Re:In other words. . . by NatasRevol · · Score: 1

      Those last five words...

      --
      There are two types of people in the world: Those who crave closure
    11. Re:In other words. . . by roman_mir · · Score: 1

      I am so glad I don't need to participate in this discussion because I am actually using Linux desktop and have been on it since the early 2000s. But I did have to look at Windows past XP and my general impression of everything that is happening to the Windows GUI is negative. I have nothing but negative feelings for all new versions of Windows since XP, but of course I am not a target user anymore, but I did like XP, so that's my anecdote.

    12. Re:In other words. . . by Anonymous Coward · · Score: 0

      They broke search in 8, but seem to have made it work again in 8.1

    13. Re:In other words. . . by Anonymous Coward · · Score: 0

      As an example, how do you edit a file extension in Windows 7? You can select "open with" from the context menu, but what about beyond that? Suppose I want to add an "open" and "edit" option to a particular file type, or I want to change its icon. This is located in "Folder Options" in old versions of Windows, but is completely absent from Windows 7.

      Also, newer versions of Internet Explorer have stopped providing real error messages. Instead, you get a message that says "Internet Explorer cannot display this webpage". There's no distinction between:
      *No HTTP response from remote host
      *Connection reset
      *Connection attempt timed out
      *Hostname not found
      *You have no network card

    14. Re:In other words. . . by Anonymous Coward · · Score: 0

      Can it help you find the money you spent on a non-necessary upgrade?

    15. Re:In other words. . . by Anonymous Coward · · Score: 0

      All you have to do is hit the Windows key and type 'Printer' or 'Update' or 'Control Panel'.

      So, what you're saying is, if you know what you're looking for, you can use the proper text to search for it. Meanwhile, if you don't know precisely what you're looking for or don't use the right text, you're at a loss. Too bad you could Graphical show the User in the Interface what was available so they could readily point and touch/click. Fuck, you could even make it into a handy tablet format so they could carry it around instead of having to type things in all the time.

    16. Re:In other words. . . by spire3661 · · Score: 1

      We don't mind querying, search is awesome, but the problem is when you abstract everything away, I have no way of verifying the query. I have to trust you are showing me the right data instead of just letting me see it the traditional way. It IS a second language for us, so much so that we can easily see where the holes are.

      --
      Good-bye
    17. Re:In other words. . . by zacherynuk · · Score: 1

      Win 7 didn't make it harder, but you had to jump through several more hoops to DO anything. Changing the time, creating a share etc. Or having to search for the option of turning off the fucking irritating wiggle a window to minimize all or snap to random monitor option.
      MENUS work really fucking well. We shouldn't have to SEARCH for things - prime daily example for me is (Apart from everything MAC OS) is on the Server 2008 (Basically Win7) platform, I have to SEARCH for "common" to toggle "common desktop icons" because they removed the "FEATURE" of having a right click personaliZe.. which could only be brought back by installing the feature "THEMES"

      8 / 2012 is just a fucking mess.

    18. Re:In other words. . . by Anonymous Coward · · Score: 0

      The surprise here being that microsoft.com isn't blocked from archive.org with a robots.txt entry!

    19. Re:In other words. . . by Anonymous Coward · · Score: 0

      You don't see the problem? The new way was different. Technical people - who have been configuring Windows installs for years - couldn't get simple things done.

      Sure, they learnt the new way, but they resent that there was an unnecessary learning curve. Unnecessary because Microsoft decided to move to Metro UI.

    20. Re:In other words. . . by rhodium_mir · · Score: 1

      Whoa, this "Linux desktop" you speak of sounds revolutionary. Please tell us more!

      --
      You can't spell "oneiromancy" without "roman".
  5. Publicly Publish? by Anonymous Coward · · Score: 0

    Department of Redundancy Department

  6. Win Updates used to be ... by CaptainDork · · Score: 1

    ... something that was plug and play.

    I don't know what has introduced the recent sloppy roll-outs, but we've been bitten the last few months what with updates that crack part of the system whereby Microsoft pulls a patch and rolls out a patched patch.

    With many computers on the line, this kind of sloppiness creates major headaches in the field and at home.

    I'm advising that people wait at least one week to apply patches so I can Google, "FUCKING PATCHES!"

    If that doesn't happen, I drop the white flag and stuff.

    --
    It little behooves the best of us to comment on the rest of us.
    1. Re:Win Updates used to be ... by Anonymous Coward · · Score: 0

      I call it Malware Tuesdays. Thank god Papa Johns has Two-for-Tuesday on same day, so I can nice pizzas while fixing my laptop.

    2. Re:Win Updates used to be ... by neo-mkrey · · Score: 1

      Microsoft laid off over half of their QA people last year, and are now reaping the results. Because, QA, who needs it? Let the users find the bugs.

    3. Re:Win Updates used to be ... by Anonymous Coward · · Score: 0

      I don't know what has introduced the recent sloppy roll-outs

      You remember those 18,000 employees that Microsoft laid off a few months ago? QA (stateside at Redmond) was hit hard. They don't have the manpower to properly test updates anymore and we're seeing the results in spades, several months in a row we've seen updates released that caused grief for hundreds of thousands of users.

      MSFT stock is up $5 since the layoffs, though, so everything is just peachy keen.

  7. Re:Download a patch today by Anonymous Coward · · Score: 2, Insightful

    I did that and now none of my programs work!

  8. Essentially by Anonymous Coward · · Score: 0

    They're just making the release of upcoming patch notes a paid service. Probably some MBA deciding they can monetize yet another aspect of something their customers have already paid for once.

  9. Paywalling does not work by Anonymous Coward · · Score: 1

    Paywalling doesn't work. Mary Jo Foley will just talk to anonymous enterprise customers and run an article every week about what's in next week's patch. Right now, sites like The Consumerist are an echo chamber for what's behind the WSJ paywall. They "report" on any article behind the WSJ, reporting the few actual facts in the article and stripping out the fluff.

  10. I can help! Next week the 1.9.8.4 patch by Anonymous Coward · · Score: 0

    Routes everything through Microsoft, removes all non-approved images and language.
     
    findreplace:re: "we've always been at war with ''".

  11. Re:Download a patch today by Anonymous Coward · · Score: 0

    To be honest, they never really worked anyway.

  12. Ri-i-ight! That'll fix the... by CAOgdin · · Score: 1

    ...growing problem of BadWare (see http://www.forbes.com/sites/ja...) from Redmond!

    Just another slip down the old rabbit hole for Microsoft, a once-great company now driven by non-technical management who don't understand their business!

  13. Hasn't affected me (Win7 here)... apk by Anonymous Coward · · Score: 0

    See subject (that patch = good here) but I did on 12/08/2009 MsPatch Tuesday, that disabled the use of the more efficient plain-jane 0 blocking entries in hosts files!

    (Vs. the next most efficient but yet due to length/size, FAR MORE INEFFICIENT vs. 0 entry, in 0.0.0.0 - worst on that basis of fact, is the larger 127.0.0.1)

    I reported it, nothing done, to this day (only thing I have vs. Win7's that, but I use it anyhow - otherwise it's great) - more inefficiency, not really a "bug" though.

    Oddly though? 0 as a blocking entry in hosts works on Windows 2000->XP->Server 2003 to this day though - just not Windows 7 onwards... too bad.

    * Even had a VP from "Windows Client Performance Division" who posted here AGREE with me I was right (figured he'd be the man to talk to, this being a performance thing (speed up off disk on init. reads alone was boosted)) -> http://slashdot.org/comments.p...

    Still nothing done - promoting inefficiency in hosts file loadspeed (especially initially off disk).

    APK

    P.S.=> Funniest part of all, is that Windows 2000 didn't even have 0 yet, until SP#2 - so someone saw the greater efficiency & hosts file load into memory (especially initially off disk) massive speed increase & added it...

    To remove the smaller & faster 0 as a valid hosts file blocking entry for Win7 onwards = dumb - seriously dumb: It is a HUGE improvement for efficiency of hosts (gives me a 25% smaller hosts using 0 vs. 0.0.0.0 & 40% improvement over 127.0.0.1 - like compression in a big way, creating smaller filemass to read initially from disk = faster)... apk