In a move to better assist system administrators, Microsoft is working on an update to its Windows Update service that will include software patches to fix security holes in its server products.
"We've become increasingly aware that the ease of managing security fixes is a critical issue for administrators in small and medium-sized businesses. In fact, for many of these administrators, manageability is even more critical than configuration control," said Scott Culp, a security program manager at Microsoft's Security Response Center, in an e-mail Tuesday.
Windows Update is an online service that scans systems, suggests updates, and installs them on request. In the past, corporate IT professionals told Microsoft they had no interest in a service that installs patches onto the server, Culp said. As a result, Windows Update was oriented to the home user and didn't include fixes for many server products.
"We're in the process of changing Windows Update so that it will serve both home and corporate users. We've been working with the Windows Update team to ensure that security fixes for IIS and other server products are available on the site," said Culp.
Windows Update won't be pulled back and re-launched. The fixes for server software will be added to the site in the coming weeks and months, added a Microsoft spokeswoman. In the meantime, server administrators are advised to use Windows Update in tandem with Microsoft's TechNet Security Notification Service, a free e-mail alert service.
TechNet is Microsoft's Web site for IT professionals. Microsoft doesn't push the mailing list or the site as much as it does Windows Update, to which every Windows user has a shortcut in the Start menu.
Web site hosting company XS4ALL Internet BV, which runs Windows 2000 servers for customers, said Windows Update can confuse novice server administrators.
"Windows Update is somewhat deceptive, it looks like you get all the updates, but in fact you don't. For server patches you need to go to Microsoft's site for IT professionals," said XS4ALL spokeswoman Sjoera Nas. "After receiving the e-mail you have to manually download the patch and install it."
To help ensure that customers "aren't confused," Microsoft said it would soon add information to the Windows Update site that tells users where the latest IIS patches can be found.