Microsoft unveils two programs to help customers patch

August 5, 2008
Microsoft on Tuesday announced two initiatives to help better protect users applying the software giant's monthly patches.

Under the Microsoft Active Protections Program (MAPP), Microsoft will share vulnerability details with approved software security providers prior to the monthly fixes being released, Mike Reavey, group manager for the Microsoft Security Response Center told SCMagazineUS.com on Tuesday. This will allow security firms to immediately protect their customers once the patches are delivered.

"The goal of the program will be to provide information just in time to where the defendants can create strong signatures but limit the chance of the information getting into the hands of a bad guy," Reavey said.

Microsoft is now accepting applications from security software makers who want to participate.

Microsoft also announced at the Black Hat conference on Tuesday the upcoming launch of its new Exploitability Index, he said. The tool will be included with security updates to enable users to measure the likelihood of the flaw in question being exploited.

Each vulnerability will be placed into one of the three categories, depending on whether "consistent" exploit code is likely, whether "inconsistent" exploit code is likely or whether exploit code is unlikely.

"This is in direct response to customers asking for more information in prioritizing their [patch] deployments," Reavey said.

Both programs are scheduled to take effect in October.
prestitial ad