Improvements to Microsoft Security Reponse Communications

["Microsoft" <0_41167_04BF067D-4CF8-4245-B5C1-58573E5746A8_US () Newsletters Microsoft com>]

-----BEGIN PGP SIGNED MESSAGE-----

Dear Microsoft Customer,

I'm taking the unusual step of sending this mail to the Microsoft 
Security Notification Service mailing list to tell you about some 
changes in communications practices that the Microsoft 
Security Response Center is making.

Customer feedback tells us that, while technical professionals 
value our security bulletins, many end-users find them overly 
detailed and confusing.  In addition, end-users who subscribe 
to the Microsoft Security Notification Service receive bulletins 
that are of interest only to developers or system 
administrators.  

To help customers, for each issue, we will now create a less 
technical end-user security bulletin that we will host at 
http://www.microsoft.com/security/.  We will continue to 
release the current security bulletins targeted to technical 
professionals. The new end-user security bulletins will describe 
straightforward steps that customers can take to help keep 
their systems secure.  

In addition, before year's end, we will create a new End User 
Security Notification Service that will notify customers of 
security issues in end-user-oriented products and provide a link 
to the appropriate end-user security bulletin.
 
The TechNet security bulletins will continue to include technical 
details that enable IT professionals to determine where and 
whether a patch is needed or whether workarounds are an 
appropriate alternative.  

We have also received feedback that, while many customers 
rely on our Security Bulletin Severity Ratings to help them 
decide which patches to apply, they find that the ratings fail to 
clearly identify the most serious issues.  There is also a 
widespread feeling that the Severity Ratings are difficult to 
understand and apply. For these reasons, we have modified the 
Severity Rating criteria to help customers more easily evaluate 
the impact of security issues. We hope that this more 
prescriptive guidance will help you distinguish the most urgent 
security issues. I encourage you to review the updated 
Microsoft Security Response Center Security Bulletin Severity 
Rating System at  
http://www.microsoft.com/technet/security/policy/rating.asp

Microsoft is committed to help keep your systems safe. As part 
of that commitment, we regularly review customer feedback 
and update our security response process to ensure that we are 
doing all we can to meet your needs.  We appreciate your 
feedback and hope that you will find that these changes help 
you keep your systems secure.

Thank you,

Steve Lipner
Director of Security Assurance
Microsoft Corp.

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQEVAwUBPdkuIY0ZSRQxA/UrAQEm4wf+MJEySxj3zqhSIKIQVSJ2ZGMLQQSm6mpX
ZLgNPmzRysl9fsXjhTj+xk6vPTMig3IWgG9qYZu88wnIvLcoTaunwC4jJ+Wgk2xG
o3uXU5ZoilIvSdTAPqLKB2EagH7EKYpB90+R1M9JNZbHbZolCQtbxIpic/pH55IQ
fhjN4vYpn9iDnZ2FlgPL2dcPmMDa1PcKPHAyOTDxeoM9ioHTno8wCM8v+mjL0GLn
zyC4yaeEl0OpPUiRC8CQTKjGNmnP1W9STgSr490PUn42+DtXWLTn6Y8gkr8dxFPo
gU9RMYPpd6+v8wSe1taoQTJTwqJhYYHODetKVNuGK00oNs229YhyMA==
=tkoQ
-----END PGP SIGNATURE-----


*******************************************************************

You have received this e-mail bulletin because of your subscription to the Microsoft Product Security Notification 
Service.  For more information on this service, please visit http://www.microsoft.com/technet/security/notify.asp.
 
To verify the digital signature on this bulletin, please download our PGP key at 
http://www.microsoft.com/technet/security/notify.asp.
 
To unsubscribe from the Microsoft Security Notification Service, please visit the Microsoft Profile Center at 
http://register.microsoft.com/regsys/pic.asp 
 
If you do not wish to use Microsoft Passport, you can unsubscribe from the Microsoft Security Notification Service via 
email as described below:
Reply to this message with the word UNSUBSCRIBE in the Subject line.
 
For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site at 
http://www.microsoft.com/security.