Archive

Archive for the ‘ANS’ Category

Evolving Microsoft’s Advance Notification Service in 2015

January 8th, 2015 No comments

Our Advance Notification Service (ANS) was created more than a decade ago as part of Update Tuesday to broadly communicate in advance, about the security updates being released for Microsoft products and services each month. Over the years, technology environments and customer needs have evolved, prompting us to evaluate our existing information and distribution channels. This desire to improve is why customers may have seen us introduce myBulletins to provide bulletin reports tailored to customer preferences, discontinue the Deployment Priority matrix in favor of the Exploitability Index, modify the Exploitability Index to account for more threat scenarios, simplify security bulletin content to help customer understanding, and create a centralized glossary for bulletin definitions. The change being announced today fits within that context.

We are making changes to how we distribute ANS to customers. Moving forward, we will provide ANS information directly to Premier customers and current organizations involved in our security programs, and will no longer make this information broadly available through a blog post and web page. 

ANS has always been optimized for large organizations. However, customer feedback indicates that many of our large customers no longer use ANS in the same way they did in the past due to optimized testing and deployment methodologies. While some customers still rely on ANS, the vast majority wait for Update Tuesday, or take no action, allowing updates to occur automatically. More and more customers today are seeking to cut through the clutter and obtain security information tailored to their organizations. Rather than using ANS to help plan security update deployments, customers are increasingly turning to Microsoft Update and security update management tools such as Windows Server Update Service to help organize and prioritize deployment. Customers are also moving to cloud-based systems, which provide continuous updating.

For Premier customers who would still like to receive this information, Microsoft will continue to provide ANS through their Technical Account Manager support representatives. ANS will also continue to be provided to current organizations that are part of our security programs such as the Microsoft Active Protections Program.  For customers without a Premier support contract, we recommend taking advantage of myBulletins, which enables customers to tailor security bulletin information based on only those applications running in their environment.
 
As our customers’ needs change, so must our approach to security. We remain relentless in our commitment to protect customers and the ongoing delivery of secure computing experiences.

Thank you,

Chris Betz
Senior Director, MSRC

Evolving Microsoft’s Advance Notification Service in 2015

January 8th, 2015 No comments

Our Advance Notification Service (ANS) was created more than a decade ago as part of Update Tuesday to broadly communicate in advance, about the security updates being released for Microsoft products and services each month. Over the years, technology environments and customer needs have evolved, prompting us to evaluate our existing information and distribution channels. This desire to improve is why customers may have seen us introduce myBulletins to provide bulletin reports tailored to customer preferences, discontinue the Deployment Priority matrix in favor of the Exploitability Index, modify the Exploitability Index to account for more threat scenarios, simplify security bulletin content to help customer understanding, and create a centralized glossary for bulletin definitions. The change being announced today fits within that context.

We are making changes to how we distribute ANS to customers. Moving forward, we will provide ANS information directly to Premier customers and current organizations involved in our security programs, and will no longer make this information broadly available through a blog post and web page. 

ANS has always been optimized for large organizations. However, customer feedback indicates that many of our large customers no longer use ANS in the same way they did in the past due to optimized testing and deployment methodologies. While some customers still rely on ANS, the vast majority wait for Update Tuesday, or take no action, allowing updates to occur automatically. More and more customers today are seeking to cut through the clutter and obtain security information tailored to their organizations. Rather than using ANS to help plan security update deployments, customers are increasingly turning to Microsoft Update and security update management tools such as Windows Server Update Service to help organize and prioritize deployment. Customers are also moving to cloud-based systems, which provide continuous updating.

For Premier customers who would still like to receive this information, Microsoft will continue to provide ANS through their Technical Account Manager support representatives. ANS will also continue to be provided to current organizations that are part of our security programs such as the Microsoft Active Protections Program.  For customers without a Premier support contract, we recommend taking advantage of myBulletins, which enables customers to tailor security bulletin information based on only those applications running in their environment.
 
As our customers’ needs change, so must our approach to security. We remain relentless in our commitment to protect customers and the ongoing delivery of secure computing experiences.

Thank you,

Chris Betz
Senior Director, MSRC

Advance Notification Service for the December 2014 Security Bulletin Release

December 4th, 2014 No comments

Today, we provide advance notification for the release of seven Security Bulletins. Three of these updates are rated Critical and four are rated as Important in severity. These updates are for Microsoft Windows, Internet Explorer (IE), Office and Exchange.

As per our monthly process, we’ve scheduled the Security Bulletin release for the second Tuesday of the month, December 9, 2014, at approximately 10 a.m. PDT. Until then, please review the ANS summary page for more information to help you prepare for Security Bulletin testing and deployment.

Follow us on Twitter at @MSFTSecResponse

Tracey Pretorius, Director
Response Communications

Advance Notification Service for the December 2014 Security Bulletin Release

December 4th, 2014 No comments

Today, we provide advance notification for the release of seven Security Bulletins. Three of these updates are rated Critical and four are rated as Important in severity. These updates are for Microsoft Windows, Internet Explorer (IE), Office and Exchange.

As per our monthly process, we’ve scheduled the Security Bulletin release for the second Tuesday of the month, December 9, 2014, at approximately 10 a.m. PDT. Until then, please review the ANS summary page for more information to help you prepare for Security Bulletin testing and deployment.

Follow us on Twitter at @MSFTSecResponse

Tracey Pretorius, Director
Response Communications

Advance Notification Service for the November 2014 Security Bulletin Release

November 6th, 2014 No comments

Today, we provide advance notification for the release of 16 Security Bulletins. Five of these updates are rated Critical, nine are rated as Important, and two are rated Moderate in severity. These updates are for Microsoft Windows, Internet Explorer, Office, Exchange, .NET Framework, Internet Information Services (IIS), Remote Desktop Protocol (RDP), Active Directory Federation Services (ADFS), Input Method Editor (IME) (Japanese), and Kernel Mode Driver (KMD).

As per our monthly process, we've scheduled the Security Bulletin release for the second Tuesday of the month, November 11, 2014, at approximately 10 a.m. PST. At that time, we'll provide deployment guidance. Until then, please review the ANS summary page for more information to help you prepare for Security Bulletin testing and deployment.

We also want to let you know about a new way we will deliver our Security Bulletins. To streamline the way customers receive our security updates, we are directing customers to resources that will be available on the MSRC blog on Update Tuesday.

Follow us on Twitter at @MSFTSecResponse.

Tracey Pretorius, Director
Response Communications

Advance Notification Service for the November 2014 Security Bulletin Release

November 6th, 2014 No comments

Today, we provide advance notification for the release of 16 Security Bulletins. Five of these updates are rated Critical, nine are rated as Important, and two are rated Moderate in severity. These updates are for Microsoft Windows, Internet Explorer, Office, Exchange, .NET Framework, Internet Information Services (IIS), Remote Desktop Protocol (RDP), Active Directory Federation Services (ADFS), Input Method Editor (IME) (Japanese), and Kernel Mode Driver (KMD).

As per our monthly process, we've scheduled the Security Bulletin release for the second Tuesday of the month, November 11, 2014, at approximately 10 a.m. PST. At that time, we'll provide deployment guidance. Until then, please review the ANS summary page for more information to help you prepare for Security Bulletin testing and deployment.

We also want to let you know about a new way we will deliver our Security Bulletins. To streamline the way customers receive our security updates, we are directing customers to resources that will be available on the MSRC blog on Update Tuesday.

Follow us on Twitter at @MSFTSecResponse.

Tracey Pretorius, Director
Response Communications

Advance Notification Service for the October 2014 Security Bulletin Release

October 9th, 2014 No comments

Today, we provide advance notification for the release of nine Security Bulletins. Three of these updates are rated Critical, five are rated as Important, and one is rated Moderate in severity. These updates are for Microsoft Windows, Internet Explorer, Office, .NET Framework, and ASP.NET.

As per our usual process, we’ve scheduled the Security Bulletin release for the second Tuesday of the month, October 14, 2014, at approximately 10 a.m. PDT. Revisit this blog then for analysis of the relative impact, as well as deployment guidance, together with a brief video overview of the month’s updates. Until then, please review the ANS summary page for more information to help you prepare for Security Bulletin testing and deployment.

As a reminder, we are now using a new format for our Security Bulletin Webcast, scheduled on Wednesday, October 15, at 11 a.m. PDT. You are no longer required to register, download the Live Meeting client, or dial in to a separate number. A link to the Webcast will be included in our blog next Tuesday.

You can follow us on Twitter at @MSFTSecResponse

Thank you,

Tracey Pretorius, Director
Response Communications

Advance Notification Service for the October 2014 Security Bulletin Release

October 9th, 2014 No comments

Today, we provide advance notification for the release of nine Security Bulletins. Three of these updates are rated Critical, five are rated as Important, and one is rated Moderate in severity. These updates are for Microsoft Windows, Internet Explorer, Office, .NET Framework, and ASP.NET.

As per our usual process, we’ve scheduled the Security Bulletin release for the second Tuesday of the month, October 14, 2014, at approximately 10 a.m. PDT. Revisit this blog then for analysis of the relative impact, as well as deployment guidance, together with a brief video overview of the month’s updates. Until then, please review the ANS summary page for more information to help you prepare for Security Bulletin testing and deployment.

As a reminder, we are now using a new format for our Security Bulletin Webcast, scheduled on Wednesday, October 15, at 11 a.m. PDT. You are no longer required to register, download the Live Meeting client, or dial in to a separate number. A link to the Webcast will be included in our blog next Tuesday.

You can follow us on Twitter at @MSFTSecResponse

Thank you,

Tracey Pretorius, Director
Response Communications

Get advance notice about September 2014 security updates

September 4th, 2014 No comments

Today, the Microsoft Security Response Center (MSRC) posted details about the September security updates.

If you have automatic updating turned on, most of these updates will download and install on their own. Sometimes you may need to provide input for Windows Update during an installation. In this case, you’ll see an alert in the notification area at the far right of the taskbar—be sure to click it.

In Windows 8, Windows will turn on automatic updating during setup unless you choose to turn it off. To check this setting and turn on automatic updating, open the Search charm, enter Turn automatic updating on or off, and tap or click Settings to find it. 

Learn how to install Windows Updates in Windows 7.

If you are a technical professional

The Microsoft Security Bulletin Advance Notification Service offers details about security updates approximately three business days before they are released. We do this to enable customers (especially IT professionals) to plan for effective deployment of security updates.

Sign up for security notifications

Advance Notification Service for the September 2014 Security Bulletin Release

September 4th, 2014 No comments

Today, we provide advance notification for the release of four Security Bulletins. One of these updates is rated Critical and three are rated as Important in severity. These updates are for Microsoft Windows, Internet Explorer, .NET Framework and Lync.

As a reminder, we are now using a new format for our Security Bulletin Webcast, scheduled on Wednesday, September 10, at 11 a.m. PDT. You are no longer required to register, download the Live Meeting client, or dial in to a separate number. A link to the Webcast will be included in our blog next Tuesday.

As per our usual process, we’ve scheduled the Security Bulletin release for the second Tuesday of the month, September 9, 2014, at approximately 10 a.m. PDT. Revisit this blog then for analysis of the relative impact, as well as deployment guidance, together with a brief video overview of the month’s updates. Until then, please review the ANS summary page for more information to help you prepare for Security Bulletin testing and deployment.

You can follow us on Twitter at @MSFTSecResponse

Thank you,
Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

Advance Notification Service for the September 2014 Security Bulletin Release

September 4th, 2014 No comments

Today, we provide advance notification for the release of four Security Bulletins. One of these updates is rated Critical and three are rated as Important in severity. These updates are for Microsoft Windows, Internet Explorer, .NET Framework and Lync.

As a reminder, we are now using a new format for our Security Bulletin Webcast, scheduled on Wednesday, September 10, at 11 a.m. PDT. You are no longer required to register, download the Live Meeting client, or dial in to a separate number. A link to the Webcast will be included in our blog next Tuesday.

As per our usual process, we’ve scheduled the Security Bulletin release for the second Tuesday of the month, September 9, 2014, at approximately 10 a.m. PDT. Revisit this blog then for analysis of the relative impact, as well as deployment guidance, together with a brief video overview of the month’s updates. Until then, please review the ANS summary page for more information to help you prepare for Security Bulletin testing and deployment.

You can follow us on Twitter at @MSFTSecResponse

Thank you,
Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

Get advance notice about September 2014 security updates

September 4th, 2014 No comments

Today, the Microsoft Security Response Center (MSRC) posted details about the September security updates.

If you have automatic updating turned on, most of these updates will download and install on their own. Sometimes you may need to provide input for Windows Update during an installation. In this case, you’ll see an alert in the notification area at the far right of the taskbar—be sure to click it.

In Windows 8, Windows will turn on automatic updating during setup unless you choose to turn it off. To check this setting and turn on automatic updating, open the Search charm, enter Turn automatic updating on or off, and tap or click Settings to find it.

Learn how to install Windows Updates in Windows 7.

If you are a technical professional

The Microsoft Security Bulletin Advance Notification Service offers details about security updates approximately three business days before they are released. We do this to enable customers (especially IT professionals) to plan for effective deployment of security updates.

Sign up for security notifications

Get advance notice about August 2014 security updates

August 7th, 2014 No comments

Today, the Microsoft Security Response Center (MSRC) posted details about the August security updates.

If you have automatic updating turned on, most of these updates will download and install on their own. Sometimes you may need to provide input for Windows Update during an installation. In this case, you’ll see an alert in the notification area at the far right of the taskbar—be sure to click it.

In Windows 8, Windows will turn on automatic updating during setup unless you choose to turn it off. To check this setting and turn on automatic updating, open the Search charm, enter Turn automatic updating on or off, and tap or click Settings to find it. 

Learn how to install Windows Updates in Windows 7.

If you are a technical professional

The Microsoft Security Bulletin Advance Notification Service offers details about security updates approximately three business days before they are released. We do this to enable customers (especially IT professionals) to plan for effective deployment of security updates.

Sign up for security notifications

Advance Notification Service for the August 2014 Security Bulletin Release

August 7th, 2014 No comments

Today, we provide advance notification for the release of nine Security Bulletins. Two of these are rated Critical, and the remaining seven are rated Important in severity. These Updates are for SQL Server, SharePoint, OneNote, .NET, Microsoft Windows, and Internet Explorer.

As per our usual process, we’ve scheduled the Security Bulletin release for the second Tuesday of the month, August 12, 2014, at approximately 10 a.m. PDT. Revisit this blog then for analysis of the relative impact, as well as deployment guidance, together with a brief video overview of the month’s Updates.

We will also plan to have our Security Bulletin Webcast, scheduled on Wednesday, August 13, at 11 a.m. PDT, on our Trustworthy Computing UStream Channel. Until then, please review the ANS summary page for more information to help you prepare for Security Bulletin testing and deployment. Don’t forget, you can also follow us on Twitter at @MSFTSecResponse. 

Thank you, 

Dustin Childs Group Manager,

Response Communications Microsoft Trustworthy Computing 

Categories: ANS Tags:

Advance Notification Service for the August 2014 Security Bulletin Release

August 7th, 2014 No comments

Today, we provide advance notification for the release of nine Security Bulletins. Two of these are rated Critical, and the remaining seven are rated Important in severity. These Updates are for SQL Server, SharePoint, OneNote, .NET, Microsoft Windows, and Internet Explorer.

As per our usual process, we’ve scheduled the Security Bulletin release for the second Tuesday of the month, August 12, 2014, at approximately 10 a.m. PDT. Revisit this blog then for analysis of the relative impact, as well as deployment guidance, together with a brief video overview of the month’s Updates.

We will also plan to have our Security Bulletin Webcast, scheduled on Wednesday, August 13, at 11 a.m. PDT, on our Trustworthy Computing UStream Channel. Until then, please review the ANS summary page for more information to help you prepare for Security Bulletin testing and deployment. Don’t forget, you can also follow us on Twitter at @MSFTSecResponse. 

Thank you, 

Dustin Childs Group Manager,

Response Communications Microsoft Trustworthy Computing 

Categories: ANS Tags:

Get advance notice about July 2014 security updates

July 3rd, 2014 No comments

Today, the Microsoft Security Response Center (MSRC) posted details about the July security updates.

If you have automatic updating turned on, most of these updates will download and install on their own. Sometimes you may need to provide input for Windows Update during an installation. In this case, you’ll see an alert in the notification area at the far right of the taskbar—be sure to click it.

In Windows 8, Windows will turn on automatic updating during setup unless you choose to turn it off. To check this setting and turn on automatic updating, open the Search charm, enter Turn automatic updating on or off, and tap or click Settings to find it. 

Learn how to install Windows Updates in Windows 7.

If you are a technical professional

The Microsoft Security Bulletin Advance Notification Service offers details about security updates approximately three business days before they are released. We do this to enable customers (especially IT professionals) to plan for effective deployment of security updates.

Sign up for security notifications

Advance Notification Service for the July 2014 Security Bulletin Release

July 3rd, 2014 No comments

Today, we provide advance notification for the release of six Security Bulletins. Two of these are rated Critical, three are rated as Important, and one is rated Moderate in severity. These Updates are for Microsoft Windows and Internet Explorer.

This month we will also premier the new format for our Security Bulletin Webcast, scheduled on Wednesday, July 9, at 11 a.m. PDT. Registration, downloading the Live Meeting client, and dialing in to a separate number will no longer be required. You can find details on how to view the webcast here.

As per our usual process, we’ve scheduled the Security Bulletin release for the second Tuesday of the month, July 8, 2014, at approximately 10:00 a.m. PDT. Revisit this blog then for analysis of the relative impact, as well as deployment guidance, together with a brief video overview of the month’s Updates. Until then, please review the ANS summary page for more information to help you prepare for Security Bulletin testing and deployment.

Don’t forget, you can also follow us on Twitter at @MSFTSecResponse

Thank you,
Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

Advance Notification Service for the June 2014 Security Bulletin Release

June 5th, 2014 No comments

Today we provide advance notification for the release of seven Bulletins, two rated Critical and five rated Important in severity. These Updates are for Microsoft Windows, Microsoft Office and Internet Explorer. The Update for Internet Explorer addresses CVE-2014-1770, which we have not seen used in any active attacks.

Also, in case you missed it, last month we released Security Advisory 2871997 to further enhance credentials management and protections on Windows 7, Windows 8, Windows Server 2008 R2, and Windows Server 2012.  Since then, we have received some questions about the functionality changes introduced by the advisory.  Over on the Security Research & Defense (SRD) blog, Joe Bailek from the MRSC Engineering team provides an overview of those changes, their impact and some other important configuration changes that can be made in conjunction with the update to further improve system security.  I recommend you take a few moments to read the SRD blog and consider implementing some or all of the changes in your environment.

As always, we’ve scheduled the Security Bulletin release for the second Tuesday of the month, June 10, 2014, at approximately 10:00 a.m. PDT.  Revisit this blog then for analysis of the relative risk and impact, as well as deployment guidance, together with a brief video overview of the month’s Updates.  Until then, please review the ANS summary page for more information to help you prepare for Security Bulletin testing and deployment.

Don’t forget, you can also follow the MSRC team’s recent activity on Twitter at @MSFTSecResponse

Thank you,
Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

Advance Notification Service for the May 2014 Security Bulletin Release

Today we provide Advance Notification Service (ANS) for the release of eight bulletins, two rated Critical and six rated Important in severity. These updates will address vulnerabilities for .NET Framework, Office, Internet Explorer, and Windows.

As we do every month, we’ve scheduled the security bulletin release for the second Tuesday of the month, May 13, 2014, at approximately 10:00 a.m. PDT. Revisit this blog then for deployment guidance and further analysis together with a brief video overview of the month’s updates. Until then, please review the ANS summary page for more information to help you prepare for deployment priorities and security bulletin testing.

You can follow us on Twitter. The MSRC handle is @MSFTSecResponse

Thank you,
Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

Get advance notice about May 2014 security updates

May 8th, 2014 No comments

Today, the Microsoft Security Response Center (MSRC) posted details about the May security updates.

If you have automatic updating turned on, most of these updates will download and install on their own. Sometimes you may need to provide input for Windows Update during an installation. In this case, you’ll see an alert in the notification area at the far right of the taskbar—be sure to click it.

In Windows 8, Windows will turn on automatic updating during setup unless you choose to turn it off. To check this setting and turn on automatic updating, open the Search charm, enter Turn automatic updating on or off, and tap or click Settings to find it. 

Learn how to install Windows Updates in Windows 7.

If you are a technical professional

The Microsoft Security Bulletin Advance Notification Service offers details about security updates approximately three business days before they are released. We do this to enable customers (especially IT professionals) to plan for effective deployment of security updates.

Sign up for security notifications