Skip to main content

IT security expert condemns Microsoft for its 'assault on IT security teams'

Microsoft has announced that it is to stop offering an advanced notification service (ANS).

The advanced notifications will now only be offered to “premier customers and current organisations involved in our security programs”, and will no longer be made broadly available through a blog post and web page, according to MSRC senior director Chris Betz.

He said: “ANS has always been optimised for large organisations. However, customer feedback indicates that many of our large customers no longer use ANS in the same way they did in the past due to optimised testing and deployment methodologies.

“While some customers still rely on ANS, the vast majority wait for Update Tuesday, or take no action, allowing updates to occur automatically. More and more customers today are seeking to cut through the clutter and obtain security information tailored to their organisations. Rather than using ANS to help plan security update deployments, customers are increasingly turning to Microsoft Update and security update management tools such as Windows Server Update Service to help organise and prioritise deployment. Customers are also moving to cloud-based systems, which provide continuous updating.”

Commenting, Ross Barrett, senior manager of security engineering at Rapid7,described the decision as “shocking”. He said: “This is an assault on IT and IT security teams everywhere. Making this change without any lead up time is simply oblivious to the impact this will have in the real world. Microsoft is basically going back to a message of “just blindly trust” that we will patch everything for you.”

Qualys CTO Wolfgang Kandek said that he always thought that customers were interested in the information contained in ANS, but we will see how that works out.

The post Microsoft to abandon patch advance notifications appeared first on IT Security Guru.