by Matt Hines

Microsoft shifts Patch Tuesday procedures

May 16, 2007

Microsoft is tweaking some elements of its security update process in an attempt to respond to customer demands for more comprehensive information regarding software patches before and after they are released.


Beginning in June, officials with the Microsoft Security Response Center (MSRC) said the company will start offering more detailed descriptions about its upcoming Patch Tuesday security updates in its Advance Notification Service (ANS), which is issued the first Thursday of every month, prior to the official bulletin release.

In a blog post on the MSRC site, Microsoft said it will specifically provide additional information, including vulnerability severity ratings, any potential impact of the reported flaws, and the software products affected by each security bulletin, in hopes of appeasing its customers.

The company has been widely criticized in the past for giving its users notices that are far too vague about what they should expect to arrive each Patch Tuesday. The problem has become particularly acute as hackers utilize so-called zero-day vulnerabilities to exploit Microsoft products, leaving customers waiting for specific updates to close the software holes that are being attacked.

In addition, Microsoft reported that the new ANS format will be published on the company’s monthly security bulletin summary page as a subset of the report, and then updated with complete details once the security bulletins are released.

In the past, the company’s Web site has often forced users to click through multiple pages and summaries to get to the specifics of a particular vulnerability. ANS will also move to a new URL starting on June 7 (http://www.microsoft.com/technet/security/Bulletin/ms07-jun.mspx).

Microsoft said that it is also editing the layout of its security bulletins to help customers more easily determine the severity of a bulletin and how they might be affected.

Among the formatting changes are the transition of vulnerability response advice to the top of the ANS page, new tables listing affected products with links to the specific download location of related updates, and a move to new section titles considered by the software maker to be more representative of the content they address.

A sample version of the new report layout is available here.

“This was implemented based on customer feedback that more time and information was needed to plan for testing and deployment,” said MSRC Director Mark Miller in his blog. “We’ve received positive feedback on the ANS, but customers have also told us that additional information would be even more helpful. Based on that, we are incorporating additional detail about the upcoming security updates.”

Microsoft has been talking about becoming more forthcoming with divulging vulnerability details for some time; making its bulletins more accessible and to the point would certainly seem to be an important step in that direction.