News

Microsoft Replacing Old Security Bulletins Portal Next Month

Microsoft's venerable "Security Bulletins" portal, which lists monthly software patch releases, will get replaced next month as Microsoft goes live with its new "Security Updates Guide" portal.

The Security Updates Guide is currently accessible as a preview. However, on Jan. 10, 2017, Microsoft will stop publishing the Security Bulletins portal. The Security Bulletin numbering system, using formats like "MS17-00x" to label security bulletin groups, also will be going away next month. Instead of using those bulletin numbers, Microsoft plans to identify its patches using "vulnerability ID numbers and KB [Knowledge Base] Article ID numbers," the company explained, in a Security Updates Guide FAQ.

This week's patch Tuesday release of security bulletins, a very light release affecting just four products (Windows, Microsoft Edge, Microsoft Office and the Adobe Flash Player), was the last such release using the old Security Bulletins numbering scheme. Microsoft's next security update release is slated for Feb. 14, which is when IT pros will have to rely on the new Security Updates Guide to get patch details.

The new portal already shows that it's possible to drill down into descriptions. For instance, a list of January KB articles can be found here. However, Microsoft's Knowledge Base articles in the Windows 10 era have been criticized as lacking the detailed descriptions that once were available to IT pros.

Microsoft had briefly explained this coming portal change back in November in this blog post. That announcement promised that the new Security Updates Guide portal would let organizations sort bulletins by "CVE [Common Vulnerabilities and Exposures], KB number, product, or release date." They could also use the new portal to exclude products they don't use. The portal also can be used to create CSV (comma-separated values) files for use in tables or databases.

Moreover, the new portal supports "a new RESTful API" to pull security information into applications, which eliminates having to do "screen-scraping of security bulletin web pages," the blog post suggested. Documentation on this new API can be accessed by clicking the Developer tab in the Security Updates Guide, according to Microsoft's FAQ. Users need a Microsoft account to access it, and there are some steps involved to use the API.

"The first time that you use the API you must create a key," the FAQ explained. "It will be saved for subsequent uses."

Microsoft's own tools for managing software updates, namely Windows Server Update Services and System Center Configuration Manager, will be updated to address the new Security Updates Guide approach, Microsoft's FAQ promised. The company is working with other software vendors as well, but Microsoft "cannot guarantee that all third-party software will work in the future" with the new portal, the FAQ stated.

Microsoft's My Bulletin portal has become casualty of Microsoft's portal revamp efforts. It won't be supported after the January security update release, Microsoft's FAQ indicated. The link to My Bulletin was still up at press time, but it'll likely disappear. The My Bulletin portal was designed let users create their own security bulletin dashboard for different Microsoft products.

Microsoft still plans to continue to issue its security advisories, which are notices of discovered vulnerabilities, rather than patches. Microsoft also plans to continue to issue so-called "out-of-band" security update releases (patches issued outside the usual monthly schedule). In addition, previously published security bulletin documentation won't be moving from their present locations, Microsoft's FAQ promised.

There will be a way to sign up to receive notifications when information gets added to the Security Updates Guide, according to the FAQ. The details, though, weren't available at press time.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Microsoft Releases CodeQL for Detecting Solorigate Tampering

    Microsoft announced on Thursday that its CodeQL queries, which were used to detect possible compromise in its source code after the Solorigate attacks, are now publicly available at the GitHub repository.

  • Microsoft Bumping Up SLA Support for Azure Active Directory B2C Service

    Microsoft had lots to say this month about its Azure Active Directory service.

  • Black Sky White Cloud Graphic

    Microsoft Expands Cloud Programs for Specific Industries

    Microsoft on Wednesday described an expansion of its industry-specific cloud efforts by announcing three new program additions, centered on the needs of finance, manufacturing and nonprofit organizations.

  • Reusing Content Within Microsoft Word

    A new Microsoft Word feature lets you insert a block of text (or other content) from a different file without leaving the document you're currently working on.

comments powered by Disqus