For more than a decade Microsoft Corp. released a public alert about the patches and updates the company will be pushing out each month in what has come to be known as Patch Tuesday.
Instead of issuing its traditional Advance Notification Service, Microsoft yesterday announced that it was dropping the free service and limiting ANS bulletins to customers who pay for premium support.
Chris Betz, senior director of the Microsoft Security Response Centre (MSRC) also said the company will also no longer provide non-Premier customers and organizations involved in Microsoft’s security programs the occasional or “out-of-ban” updates it issues when there is an impending emergency patch.
“We are making changes to how we distribute ANS to customers,” Betz said in an official Microsoft blog yesterday. “Moving forward, we will provide ANS information directly to Premier customers and current organizations involved in our security programs and will no longer make this information broadly available through a blog post and web page.”
Premier customers will still receive ANS through their technical account manager support representatives. ANS will also still be available to organizations that are part of Microsoft’s security programs such as the Microsoft Active Protections Program.
He said Microsoft has received feedback indicating that many large customers of Microsoft no longer use ANS as they did in the past and many are moving to cloud-based systems that provide continuous updates.”
“More and more customers today are seeking to cut through the clutter and obtain security information tailored to their organization,” he said. “Rather than using ANS to help plan security update deployments, customers are increasingly turning to Microsoft Update and security update management tools such as Windows Server Update Service to help prioritize deployment.”
Some security professionals interviewed by Computerworld.com voiced disapproval of Microsoft’s latest move.
Ross Barrett, senior manager of U.S.-based IT security firm Rapid7, called it “an assault on IT and IT security teams everywhere.”
Microsoft had gone from “free to fee” for no apparent reason, according to Andrew Storms, vice-president of security services at security consultancy firm New Context. He believes the move has something to do with the recent reorganizations and job cuts at Microsoft and that the company is “trying to make ends meet.”
John Rudolph, principal software engineer at Core Security, said Microsoft is “hiding their security report card” from the public.