More thoughtful updates from Microsoft

Microsoft will change its monthly security bulletins in the fall.

Microsoft releases security bulletins on the second Tuesday of each month that indicate which Windows operating systems or applications need to be patched to help prevent potential damage.

The company has reviewed its procedures for its monthly security updates and has decided to make its bug fixes even more effective from October. You want to achieve this primarily by notifying security companies of various vulnerabilities before updates are released. Although Microsoft is currently issuing preliminary notices, they do not provide specific technical details about the vulnerabilities. This is primarily because Microsoft does not want to help attackers create code that could be used to exploit the vulnerabilities.

However, Microsoft has seen that by notifying security companies in advance of vulnerabilities to be fixed, vulnerabilities can be addressed more effectively overall. The company intends to do all this through the Microsoft Active Protections Program (MAPP). According to the news so far, Juniper Networks, 3Com TippingPoint and IBM will receive preliminary technical information from October, but of course the range of these companies may expand until the autumn.

David Endler, one of the directors of TippingPoint, praised Microsoft's decision. According to him, if the details of the vulnerabilities are obtained even just one day before the bug fixes, then that is already a significant step forward, since in this way security solutions can be prepared for protection earlier. "24 hours of great help." - said the specialist.

Since the fall, Microsoft has been trying to provide both individual and corporate users with tools that make it easier for them to assess the risk of individual vulnerabilities. In addition to the current danger categories, each announcement will include a so-called Exploitability Index, which will make it easier than before to assess the probability of exploiting a bug. This will make it easier to separate those security holes that can "only" lead to the collapse of Windows or applications, and those that can also contribute to taking over complete control of the affected systems.