Microsoft To Broaden Security-Patch Software

The company says data security is by far its most important area of investment.
In a move to quiet customer complaints about the difficulty of securing its software against cyberattacks, Microsoft on Tuesday said it plans to release technology this year for making sure its latest patches are downloaded to more PCs.

Microsoft plans to release during the second half of the year software called Windows Update Services that it says will let companies download and install security patches it issues to fix vulnerabilities in Windows, Office, and other Microsoft products. The software, to be available as a free download for customers running Windows Server 2003, aims to replace a hodgepodge of installation techniques used by small and midsize companies today, senior VP Bob Muglia said during an interview at the Microsoft Management Summit conference in Las Vegas.

"The key for customers is getting these patches down," Muglia says. "The biggest issue right now is that when we issue a patch, it can take them weeks to get it installed after they're done testing it. We want it done right away."

Security flaws in Microsoft products have left many companies susceptible to Internet-borne viruses and worms, and Microsoft executives have said the flaws have caused some customers to delay purchasing plans for its business software. In a speech Tuesday, Muglia called data security by far the most important area of investment inside Microsoft.

Windows Update Services, which Microsoft is testing with hundreds of its customers, aims to replace methods that small and midsize companies use to apply Microsoft-issued patches, including software from other companies, Windows' built-in update feature for desktop PCs, and Microsoft's more-sophisticated Systems Management Server, aimed at large companies. Windows Update Services will replace a current Microsoft technology called Software Update Services. The new software can apply patches to Windows, will be able to patch Office apps by a summer round of testing, and eventually will handle patches for other Microsoft products, including Exchange and SQL Server, Muglia says. It can also install patches in pieces, detecting when a user's computer is least busy.

"Windows should know how to patch itself and any apps that run on it," Muglia says. Microsoft is working on the future capability for Windows Update Services to eventually install security patches and other updates from third-party software vendors and those written by business customers' IT departments. That work is slated to appear in Windows Longhorn and an associated developer tool suite code-named Orcas, expected in three to four years.

Editor's Choice
Samuel Greengard, Contributing Reporter
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing