Microsoft Pulls Patch Tuesday Early Alert Service

Written by DH Kass 1
January 11, 2015

Microsoft restricted to paying customers its long-standing public Advanced Notification Service issued ahead of its monthly Patch Tuesday security patch bulletins.

Microsoft (MSFT) late last week restricted to paying customers its long-standing public Advanced Notification Service (ANS) issued ahead of its monthly Patch Tuesday security patch bulletins.

The vendor’s ANS alerts typically were posted on Microsoft’s website on the Thursday before the next Patch Tuesday. In a move easily interpreted as counter to growing security concerns, Microsoft said it will reserve the 10-year old early alert service for its Premium support customers.

“Our Advance Notification Service (ANS) was created more than a decade ago as part of Update Tuesday to broadly communicate in advance about the security updates being released for Microsoft products and services each month,” Chris Betz, Microsoft Security Response Center senior director, wrote in a blog post.

“Moving forward, we will provide ANS information directly to Premier customers and current organizations involved in our security programs, and will no longer make this information broadly available through a blog post and web page,” Betz said.

Microsoft also said it no longer will inform the public when an emergency patch is forthcoming, reserving that level of notification for paying customers.

In justifying the policy change, Betz suggested streamlining motivated the move. Basically, ANS had outlived its usefulness and customers weren’t using it, he said.

“ANS has always been optimized for large organizations,” Betz wrote. “However, customer feedback indicates that many of our large customers no longer use ANS in the same way they did in the past due to optimized testing and deployment methodologies. While some customers still rely on ANS, the vast majority wait for Update Tuesday, or take no action, allowing updates to occur automatically,” he said.

As for its paying Premier support customers, Microsoft will provide ANS-based alerts through account-assigned technical support reps and also to members of its security Active Protections Program, Betz said.

The rest of us will need to turn to the vendor’s myBulletins web page to “tailor security bulletin information based on only those applications running in their environment,” Betz wrote.