Microsoft has retrofitted two things: its advanced notifications of security bulletins—formerly so devoid of detail that customers complained it was like knowing a hurricane was coming but not when—and a finicky IE patch that wouldn't start IE for some users.
Responding to customer requests for more detail, the company will debut a new ANS (Advanced Notification Service) format when it next comes out on June 7. The ANS notice usually comes on the Thursday before Patch Tuesday.
The big change will be that each bulletin will carry information on maximum severity, vulnerability impact, detection and affected products. Previously, Microsoft provided those subsets of information only by platform.
Microsoft Security Resource Center's Mark Miller said in a blog post that the change is meant to help out customers who need more information in order to brace for patch testing and deployment.
The ANS will now be published at the same URL used for a given month's security bulletin summary page.
Microsoft is turning the previous site for the ANS into a simple landing page that describes the service. The June ANS will be located here when it comes out on June 7 at 10 a.m. Pacific time. To subscribe to the ANS and other alerts, go here.
The look of Microsoft's security bulletins also is getting a makeover. Miller said customers like the level of detail but want to get to the severity and its applicability to their environment more quickly. The new design moves decision-making information to the top of the page, replaces a list of affected products with a table that links to update download locations, cuts down on repetition, clarifies section titles and rearranges content in a more intuitive fashion.
Microsoft has posted a demo of what the new format will look like.
And regarding its fussy IE patch, MS07-027: Some customers who change the default locations of the "Temporary Internet Files" after applying the patch have found that they see the File Download—Security Warning dialog box after starting IE. After closing the dialog, those users couldn't open IE. Microsoft ascribed the glitch to different permissions on the custom Temporary Internet Files directory and the Temporary Internet Files directory.
The 1.2 version of the patch gives two options and sets of instructions for fixing the glitch: Reset the Temporary Internet Files directory back to the default directory, or change the permissions on the custom directory to match.