ANS and Security Bulletin Updates

Hello everyone,


This is Mark Miller again to let you know about some additional changes we are making this month. In April, we announced changes to our blog site. This month we are announcing changes to our Advanced Notification Service (ANS) as well as some changes we are planning to make to the format of our security bulletins in June.


ANS changes:

As you know, the Thursday before Tuesday’s normal security update release, we send out an advanced notification letting you know what platforms are going to be impacted by the security updates and the maximum severity rating. The information is currently grouped and rolled up by platform (Windows, Office, etc.). This was implemented based on customer feedback that more time and information was needed to plan for testing and deployment. We’ve received positive feedback on the ANS, but customers have also told us that additional information  would be even more helpful. Based on that, we are incorporating additional detail about the upcoming security updates. We plan to implement this change with June’s ANS release on Thursday, June 7.  


The new ANS is essentially a subset of the monthly bulletin summary we publish the second Tuesday of each month. As such, the ANS will now be published at the same URL used for that months security bulletin summary page (example below). For those not familiar with the monthly bulletin summary, it is a high level overview of the bulletins released for a given month that includes a list of bulletins, severity rating, impact, affected software, download locations for the updates, general deployment information and a single list of acknowledgements thanking those who have practiced responsible disclosure in reporting the vulnerabilities the bulletins address. Moving forward, the ANS subset will contain the following for each bulletin and not be grouped by just the platform:

·         Maximum Severity Rating

·         Impact of Vulnerability

·         Detection information

·         Affected Software

Once the security bulletins are released on the second Tuesday of the month, the bulletin summary page will be updated with complete details. For reference, the bulletin summary for May can be found here:

The old location of the ANS will now become a simple landing page describing the service and the monthly bulletin summary page will serve as the ANS. For June, the ANS will be located here when its published on the 7th at 10:00 AM Pacific time:

As always, you can subscribe to the ANS and other alerts here:


Security Bulletin Design Changes:

We’ve also spent a lot of time talking to customers about the layout of our security bulletins and how we can improve them. Customers very clearly pointed out that they were satisfied with the level of technical detail in the bulletins but needed to be able to more quickly determine the severity of the bulletin and its applicability to their environment. With that in mind, we set out to accomplish the following goals:


·         Move all applicable decision making information to the top of the page

·         Create a table of affected products (instead of a list) with links to the download location of the updates

·         Change the section titles to be more representative of the content under them

·         Re-arrange content to areas that make them more intuitive to find

·         Reduce some of the repetitive content in the bulletin


Rather than try to fully describe the changes to the bulletin format, we have provided a sample of an actual bulletin (MS07-016 Cumulative Security Update for Internet Explorer (928090)) for you to preview:


We hope that these changes make your decision making process more efficient. We will continue to listen to your feedback and implement additional changes as needed.


Thanks! We appreciate all the feedback!


*This posting is provided “AS IS” with no warranties, and confers no rights.*