Microsoft Launches Revamped Security Update Guide
Microsoft on Monday described the format of its newly improved "Security Update Guide," which is used to see monthly security patch details.
The revamped guide had appeared as a preview during last month's "update Tuesday" patch release. It's now described as having been launched, and the "preview" word is gone.
The "Security Update Guide" is Microsoft's monthly publication chronicling security patch details for the common vulnerabilities and exposures (CVEs) found in Microsoft's software. The guide typically approaches or exceeds 100 pages in length and tends to be repetitive, making it a fairly tough read.
Now, Microsoft is promising that this newly revamped guide will be more succinct, with sentence-length descriptions boiled down to a single word, in some instances. Microsoft also promised that it is "scoring every vulnerability" according to the Common Vulnerability Scoring System with the release of the new guide.
Readers of this terse new version of the guide can get further information by hovering a mouse cursor over a word in its table-like format. For instance, under the "Scope" for a vulnerability description the word, "Unchanged," appears. When a user hovers over "Unchanged," they'll see something like the following explanatory text:
An exploited vulnerability can only affect resources managed by the same security authority. In this case, the vulnerable component and impacted component are either the same, or both are managed by the same security authority.
Such a description doesn't really seem that clear. Terse phrasings sometimes can be a good thing, though.
Perhaps the best new aspect of the revamped "Security Update Guide" is the ability for readers to show which columns will appear for a given vulnerability description. It lets users show information about whether a security vulnerability was "exploited" or "publicly disclosed," for instance, which are key words indicating greater risk of an attack.
Also, fans of the "Security Update Guide" now have a "dark mode" option that reverses the traditional white background and black text scheme, which perhaps makes reading the guide less glaring.
The default order of the new guide seemed a little odd. My view of the October release of the guide, for instance, showed a Visual Studio Code vulnerability leading the list, followed by Windows 10 vulnerabilities. The default view didn't seem to be ordered by CVE number, priority or alphabetic approach.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.