Microsoft revamps Patch Tuesday advance notice, security bulletins

Microsoft plans to implement a major change to the Patch Tuesday advance notice mechanism to provide more details ahead of the release of security bulletins. The security bulletins are also undergoing a layout/design makeover.

Instead of the current bare-bones note with the the affected platform and the highest possible severity rating, the Microsoft Security Response Center (MSRC) will release a summary page (similar to this one) that gives more details on the actual products affected and the potential impact of the vulnerability.

Starting next month, the advance notice subset will contain the following for each bulletin and will not be grouped by just the platform:

• Maximum Severity Rating
• Impact of Vulnerability
• Detection information
• Affected Software

Once the security bulletins are released on the second Tuesday of the month, the bulletin summary page will be updated with complete details.

The design and layout of the security bulletins will also be changed to allow end users to quickly determine the severity of the bulletin and its applicability to their specific environment.

According to the MSRC's Mark Miller, the new bulletins will:

• Move all applicable decision making information to the top of the page
• Create a table of affected products (instead of a list) with links to the download location of the updates
• Change the section titles to be more representative of the content under them
• Re-arrange content to areas that make them more intuitive to find
• Reduce some of the repetitive content in the bulletin

Here is an example of the new layout of the Microsoft security bulletins.