Update: Microsoft today has reversed course on its decision to suspend security email notifications, and will resume doing so on Thursday.

The original decision, made in response to Canada’s antispam law set to go into effect tomorrow, was announced on Friday. This afternoon, however, a Microsoft spokesman said the email notifications will begin again with this week’s advanced notification of the July Patch Tuesday security advisories.

“We have reviewed our processes and will resume these security notifications with our monthly Advanced Notification Service (ANS) on July 3, 2014,” the company’s statement said.

The move baffled many in the security community, who came to expect the monthly emails, which provide information on what applications will be patched on the next Patch Tuesday. Microsoft has used this as a main communications channel for keeping its enterprise customers apprised of what’s going in terms of security for the better part of a decade now. After the company began releasing its security patches on a regular monthly schedule, it started sending emails to customers a few days beforehand to let them know how many and what kinds of patches to expect.

Microsoft also sends out regular messages about new security advisories or when new information is added to a bulletin, such as when active attacks against a given flaw are seen or when a workaround is developed. Microsoft posted last week to the Full Disclosure security mailing list that the move was in response to an unspecified change in government regulation.

“As of July 1, 2014, due to changing governmental policies concerning the issuance of automated electronic messaging, Microsoft is suspending the use of email notifications that announce the following:

  • Security bulletin advance notifications
  • Security bulletin summaries
  • New security advisories and bulletins
  • Major and minor revisions to security advisories and bulletins

Microsoft recommended customers subscribe to one or more of its RSS feeds described on the Security TechCenter website.

Several sources indicated that the change is related to a new anti-spam law going into effect in Canada.

In addition to its email notifications, Microsoft posts all of its new bulletins, advance Patch Tuesday notifications and other security information on a number of channels, including various company blogs, Twitter and elsewhere.

This story was updated at 6:30 p.m. ET.

Categories: Microsoft, Vulnerabilities, Web Security

Comment (1)

  1. maxCohen
    1

    I just have to vent.
    ************

    Dear MS:
    I don’t want to follow your various blogs hoping that I see ALL of your notifications and wonder if I have to follow every blog to make sure I get all notices.

    I don’t want to follow you on Twitter hoping I don’t miss a security notification in the plethora of other marketing vomit you might but there.

    But at least you have it in RSS.

    ************
    Thank you

    Reply

Leave A Comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>