Microsoft Retrofits Security Alerts, IE Patch

Responding to customer requests for more detail, the company will debut a new ANS (Advanced Notification Service) format when it next comes out on June 7.

Microsoft has retrofitted two things: its advanced notifications of security bulletins—formerly so devoid of detail that customers complained it was like knowing a hurricane was coming but not when—and a finicky IE patch that wouldnt start IE for some users.

Responding to customer requests for more detail, the company will debut a new ANS (Advanced Notification Service) format when it next comes out on June 7. The ANS notice usually comes on the Thursday before Patch Tuesday.

The big change will be that each bulletin will carry information on maximum severity, vulnerability impact, detection and affected products. Previously, Microsoft provided those subsets of information only by platform.

Microsoft Security Resource Centers Mark Miller said in a blog post that the change is meant to help out customers who need more information in order to brace for patch testing and deployment.

/zimages/2/28571.gifClick here to read more about a Microsoft ANI patch causing problems with third-party apps.

The ANS will now be published at the same URL used for a given months security bulletin summary page.

Microsoft is turning the previous site for the ANS into a simple landing page that describes the service. The June ANS will be located here when it comes out on June 7 at 10 a.m. Pacific time. To subscribe to the ANS and other alerts, go here.

The look of Microsofts security bulletins also is getting a makeover. Miller said customers like the level of detail but want to get to the severity and its applicability to their environment more quickly. The new design moves decision-making information to the top of the page, replaces a list of affected products with a table that links to update download locations, cuts down on repetition, clarifies section titles and rearranges content in a more intuitive fashion.

Microsoft has posted a demo of what the new format will look like.

And regarding its fussy IE patch, MS07-027: Some customers who change the default locations of the "Temporary Internet Files" after applying the patch have found that they see the File Download—Security Warning dialog box after starting IE. After closing the dialog, those users couldnt open IE. Microsoft ascribed the glitch to different permissions on the custom Temporary Internet Files directory and the Temporary Internet Files directory.

The 1.2 version of the patch gives two options and sets of instructions for fixing the glitch: Reset the Temporary Internet Files directory back to the default directory, or change the permissions on the custom directory to match.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.