Inside the MSRC– The Monthly Security Update Releases
Inside the MSRC– The Monthly Security Update Releases For the second in this series of blog entries we want to look into which vulnerability reports make it into the monthly release cadence. It may help to start with some history. In September 2003 we made a change from a release anytime approach to a mostly predictable, monthly release cadence. October 2003 ushered in what became known as Update Tuesday. How and when Microsoft releases new products and services in market products has changed over the years, but the monthly delivery of security content has remained steady. So how do we decide what goes into a monthly security release? That decision largely rides on required customer action and risk. Required customer action is realized through products where customers need to take action to protect themselves against a vulnerability. For consumers, protection [ more… ]