Microsoft is working to end the patch management nightmare by creating a new, centralised patch-management architecture that it will use for all its products; this infrastructure will be used by a new generation of services, such as Microsoft Update, and tools, like the company's installer programs.
This week, the company issued its first beta of Microsoft Installer 3.0, one of two installer programs Microsoft will support under the new patch management scheme. For anyone supporting Microsoft's products, what was once a dream is suddenly becoming reality.
"Customers told us to reduce the vulnerabilities in our products before they ship, and to get fixes out before vulnerabilities are exploited," a Microsoft representative told me. "It's not easy delivering timely, high quality patches under our current system. So we need to simplify patch management, and create tools to do this effectively and consistently." Microsoft Installer 3.0, one of the two end-user patch installation technologies Microsoft will support under the new scheme should ship in early 2004, I've been told.
Microsoft has many goals for its next-generation installer technology. Hot-fixes, security patches, and other updates shouldn't require a reboot when possible, the company tells me. There should be a simpler and more consistent way to determine what patches are already installed and which critical updates need to be installed. Patches should be delivered as quickly as possible, reducing customers' exposure to problems. And of course, patches should work properly the first time and not introduce separate issues of their own.
Microsoft Installer 3.0 is only part of the answer. The company will shore up its patch infrastructure in the coming months and then update services like Windows Update and AutoUpdate to work off the new common back-end.
Then, a wide-reaching service, currently known only as Microsoft Update, will arrive, providing updates for all of the company's applicable products. Other patch management-related products, such as Systems Management Server (SMS), the Microsoft Baseline Security Advisor, and Software Update Services (SUS) will also be updated to take advantage of the new infrastructure.
Copyright (c) 2003 CMP Media LLC