Microsoft Launches Revamped Security Update Guide

Microsoft on Monday described the format of its newly improved "Security Update Guide," which is used to see monthly security patch details.

The revamped guide had appeared as a preview during last month's "update Tuesday" patch release. It's now described as having been launched, and the "preview" word is gone.

The "Security Update Guide" is Microsoft's monthly publication chronicling security patch details for the common vulnerabilities and exposures (CVEs) found in Microsoft's software. The guide typically approaches or exceeds 100 pages in length and tends to be repetitive, making it a fairly tough read.

Now, Microsoft is promising that this newly revamped guide will be more succinct, with sentence-length descriptions boiled down to a single word, in some instances. Microsoft also promised that it is "scoring every vulnerability" according to the Common Vulnerability Scoring System with the release of the new guide.

Readers of this terse new version of the guide can get further information by hovering a mouse cursor over a word in its table-like format. For instance, under "Scope" in a vulnerability description, the word "Unchanged" appears. When a user hovers over "Unchanged," they'll see something like the following explanatory text:

An exploited vulnerability can only affect resources managed by the same security authority. In this case, the vulnerable component and impacted component are either the same, or both are managed by the same security authority.

Such a description doesn't really seem that clear. Terse phrasings sometimes can be a good thing, though.

Perhaps the best new aspect of the revamped "Security Update Guide" is the ability for readers to choose which columns will appear for a given vulnerability description. It lets users show information about whether a security vulnerability was "exploited" or "publicly disclosed," for instance, which are key words indicating greater risk of an attack.

Also, fans of the "Security Update Guide" now have a "dark mode" option that reverses the traditional white background and black text scheme, which perhaps makes reading the guide less glaring.

The default order of the new guide seemed a little odd. My view of the October release of the guide, for instance, showed a Visual Studio Code vulnerability leading the list, followed by Windows 10 vulnerabilities. The default view didn't seem to be ordered by CVE number, priority or alphabetical order.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
