Do you rely on Microsoft Security Bulletins to keep abreast of new patches and fixes to known vulnerabilities? If so, you should get prepared for a change to how Microsoft makes its announcement of security fixes.
In a recent blog post, Microsoft has confirmed that the Security Bulletins – as we know them – will be stopping in January 2017. From February 2017, all patches and security fixes will be added to the Microsoft Security Updates Guide database. No More Security Bulletins will be released.
The change is unlikely to have a major impact on users, as update information will still be made available. However, all the information that has previously been released via Microsoft Security Bulletins will be moved to a single database, which should – in theory at least – make it easy to search for the information that users need.
Most security professionals are only really interested in viewing the latest security updates, so provided that information is presented clearly, there should be no problem.
The change has been made following requests from customers to have easier access to update information. According to Microsoft, customers have requested “easier ways to customize their view to serve a diverse set of needs.”
Users will be able to view and filter information by release date, product, KB number, or CVE. The new interface will also allow security professionals to customize the view to exclude information about products of no relevance.
Microsoft has also explained that a new RESTful API will enable users to obtain information about Microsoft Security updates. “This eliminates the need for you to employ outdated methods like screen-scraping of security bulletin web pages to assemble working databases of necessary and actionable information.”
All in all, this promises to be a positive move that will make information much easier to find and access. But then again, Windows 10 was expected to solve a lot of issues.