
SANS ISC: Microsoft advanced notification service changes. - SANS Internet Storm Center SANS ISC InfoSec Forums


Microsoft advanced notification service changes.

Quite a few of you have written in to let us know that Microsoft is changing the way in which they provide information (thanks to you all).  You can read the full blog here --> http://blogs.technet.com/b/msrc/archive/2015/01/08/evolving-advance-notification-service-ans-in-2015.aspx 

In a nutshell, if you want to be advised in advance you now need to register, select the products used, and you will then be provided with information relating to the patches that will be released. If you are a premier customer your technical contact can provide information.

The main point for me is this one

"Moving forward, we will provide ANS information directly to Premier customers and current organizations involved in our security programs, and will no longer make this information broadly available through a blog post and web page"

Now a lot of us do look at that information to plan our next patching cycle. So you will need to look at that process and see what needs changing. You'll have to rely on the information in your patching solution, or register.

You can register here:   http://mybulletins.technet.microsoft.com/

The dashboard that is created in the end looks nice, but for me it is too early to tell how useful it is at this stage, although it was slightly painful to review each bulletin. It will take a few patch cycles to sort it all out, I'd say.

So going forward you will need to adjust how you identify the patches to be applied within your environment.  If you do not want to register you can just visit the main bulletins page here --> https://technet.microsoft.com/en-us/library/security/dn631937.aspx

This page has a list of all release bulletins. 

Cheers

Mark H

Mark

391 Posts
ISC Handler
Wow, talk about blindside. All they would have really needed to do was to use the Email method one last time in Dec and tell the folks about the ANS change that way as opposed to just black holing them.

So, even after signing up, I still don't see the advance notice for Jan. Anybody know if they are on track to release bulletins on 1/13?

On the generic page https://technet.microsoft.com/en-us/security/bulletin they do say 1/13 is the next release date. Not sure why they don't have the advance notice available on that page. I get the impression there has not been an advance notice yet. Anybody know if that is not the case?
TexISO

19 Posts
The My Bulletins page is a joke. In the 21st century, the idea of remembering to manually go to a website each month, manually typing in a date range, and then clicking into each listed entry to view information about it is ridiculous. It is essentially useless.
T

31 Posts
I don't have to login to see:

"Description of Software Update Services and Windows Server Update Services changes in content for 2015 "
"This is a summary of the new and changed content to be released on Tuesday, January 13, 2015."
"New non-security content:"

Source: http://support.microsoft.com/kb/894199

It makes little sense to me why they want to restrict ANS.
T
1 Posts
What does this mean for the notifications that the Internet Storm Center posts in your diary? This was my go-to for the notifications since you do/did an excellent job of summarizing them.
Jon

1 Posts
They are still providing advanced notification to security partners and premium clients. I guess we'll see if we fall into either category and take it from there. Like all, we'll have to change our process and see how we can provide the same info going forwards.

Regards

M
Mark

391 Posts
ISC Handler
So is this new dashboard thing actually working for anyone today?

Logged in, picked my products, hit the "Create Dashboard" link, and it's just been a spinning Wait doughnut for the last ten minutes...
Jaybone

27 Posts
The new dashboard unfortunately does not have information about updates that are about to be released, only those that have been released.

We use the ANS system to gauge how hard we will be hit on Update Tuesday. There is really nothing significant divulged in the advanced notifications, but it’s good to know if we are getting hit with two updates or twenty.

Perhaps even more ironic was Chris Betz's tirade today against Google's disclosure of a vulnerability that Microsoft is going to release an update for tomorrow.

http://blogs.technet.com/b/msrc/

Perhaps we can get Google to issue the ANS messages since Microsoft is so intent on not doing so.
MrBill

3 Posts
Well, it's working now; for a rather poor definition of 'working'.

I ticked that I was interested in everything I have on physical HW, VMs and dev VMs and then went back to last month...

I got 336 "records" !!! So many duplicates; sigh.
UnknownNick

11 Posts
