Sunday, January 11, 2015

Microsoft Kills Public Patch Tuesday Advance Notifications; Now for Paid Members Only





Microsoft began issuing Patch Tuesday updates publically in advance over ten years ago, but from next every second Tuesday of the Month, if you want to see what security patches Microsoft is going to issue, then you will have to pay for it.

UPDATE ALERTS FOR PAID CUSTOMERS ONLY

Yes right, Microsoft has decided to ditch its Advanced Notification Service (ANS) and will no longer be releasing a public blog post to preview what is to come on Patch Tuesday.
Microsoft is facing fierce criticism by industry experts for its decision to make advanced security bulletin available only to those who pay a premium.

Note: Only advance notifications are now paid, but security updates/patches are free.

NO MORE "OUT-OF-BAND" PUBLIC SECURITY ALERTS

In the post on the Microsoft Security Response Center blog, Chris Betz, senior director at Microsoft's security research arm, said:
"more and more customers today are seeking to cut through the clutter and obtain security information tailored to their organizations. Rather than using ANS to help plan security update deployments, customers are increasingly turning to Microsoft Update and security update management tools such as Windows Server Update Service to help organize and prioritize deployment. Customers are also moving to cloud-based systems, which provide continuous updating."
The change in Microsoft's Advanced Notification Service (ANS) also applies to the occasional alerts that Microsoft issued when it gave customers a heads-up about an impending emergency patch i.e. public alerts for "out-of-band” updates.

WHAT-THE-HACK [FREE ADVANCE ALERTS]

Within a couple of hours after the Microsoft announcement, we were getting Whatsapp messages and emails from our readers and colleagues about it and none of them seemed to be happy about the decision. But don't be sad because there is a hack to get advance notification without being a premium Microsoft member.
A Microsoft spokesperson informed ZDnet author that those who receive the advanced notification service information won’t have to sign an NDA. That means anyone from premium member is free to publish it publicly just after receiving advance notices.

MICROSOFT's my Bulletins DASHBOARD

Microsoft has offered an alternative way for administrators who aren't Microsoft customers to see which patches and updates they need to apply. myBulletins - a new online security bulletin customization service which is all responsible for identifying, monitoring and managing patching and security for the organisation.

Unfortunately, myBulletins does not send notifications - you must log in using your Microsoft Account to the service to see the security bulletins.