In-depth

Why Microsoft needs to realise forewarned means forearmed on security

Davey Winder explains why Microsoft is mad to halt its Patch Tuesday Advanced Notification alerts for all users

Storm warning

Microsoft has taken the decision to keep its customers less informed about security issues, if a recent blog by Chris Betz, the senior director of the firm's Security Response Centre, is anything to go by. 

The post revealed the software giant is to cease to offering users advanced warning about the software updates it plans to roll out during its monthly Patch Tuesday event, unless they pay.  

"We are making changes to how we distribute ANS [Advanced Notification Services] to customers. Moving forward, we will provide ANS information directly to Premier customers and current organisations involved in our security programs, and will no longer make this information broadly available through a blog post and web page," Betz wrote.

If you happen to be part of the premium customer program, or a Microsoft Active Protections Program partner like many security vendors, then you will still get advanced warning. Everyone else can, apparently, go swivel.

I sincerely hope and expect the ANS information will be leaked online and published anyway, as this kind of advanced notification is vital to IT admins wanting to plan updates and patches, as downtime scheduling and immediate testing is only possible with advance warning.

Quite how anyone thinks it is helping the overall security posture of Microsoft to disengage from customers in this way, unless they open their wallets and become premium customers, is frankly beyond me. Transparency is something I have banged on and on about over the years, and while the updates will continue by muddying the waters ahead of their release, visibility of what's to come will be reduced, so unexpected accidents could happen.

All this move will accomplish is that organisations at the smaller end of the enterprise spectrum, who cannot afford to be a Microsoft Premium Partner, will be exposed to known vulnerabilities for longer periods than those who pay up as they will no longer be able to do the required legwork ahead of the release. Surely this is not rocket science? Surely this is obvious to Microsoft? Surely the only motivation behind this move is money?

Viewed in conjunction with the findings from a new ESET security report, which suggests Microsoft fixed almost twice as many vulnerabilities across the product range in 2014 than it did in 2013, I can only conclude that Microsoft has become disconnected from the important matter of customer security and trust.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

Microsoft hit with formal complaint over "monopolistic" software bundling
collaboration

Microsoft hit with formal complaint over "monopolistic" software bundling

29 Nov 2021
Gmail vs Outlook.com: Which one is better?
email providers

Gmail vs Outlook.com: Which one is better?

26 Nov 2021
Business customers can get 30% off the Surface Laptop Go for Black Friday 2021
Laptops

Business customers can get 30% off the Surface Laptop Go for Black Friday 2021

26 Nov 2021
Hackers use SquirrelWaffle malware to hack Exchange servers in new campaign
malware

Hackers use SquirrelWaffle malware to hack Exchange servers in new campaign

22 Nov 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
Business customers can get 30% off the Surface Laptop Go for Black Friday 2021
Laptops

Business customers can get 30% off the Surface Laptop Go for Black Friday 2021

26 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021