Skip to main content
  1. Home
  2. Web
  3. News

Microsoft security bulletins’ days are numbered as February approaches

By

microsoft
drserg/123rf
After serving up web-based security bulletins since around 1998, Microsoft will replace this service with the Security Updates Guide next month. Microsoft announced the end of its security bulletins in November 2016, stating that the last security bulletin would be the January 2017 Update Tuesday release. After that, all update information would be published on the new Security Updates Guide portal instead.

“Our customers have asked for better access to update information, as well as easier ways to customize their view to serve a diverse set of needs,” Microsoft stated. “Instead of publishing bulletins to describe related vulnerabilities, the new portal lets our customers view and search security vulnerability information in a single online database.”

Recommended Videos

Since November, Microsoft has served up the new Security Updates Guide portal as a preview. However, the site will kick into full gear on February 14, which will be the monthly Patch Tuesday rollout. Traditional security bulletins published as individual web pages actually ended on January 10, and all security update information published after that date will only be provided on the new portal.

Related

According to Microsoft’s FAQ, the company not only retired security bulletin webpages, but security bulletin ID numbers as well. Thus, instead of assigning an update with a bulletin ID, Microsoft will rely on vulnerability ID numbers and KB Article ID numbers instead. However, all previously published traditional security bulletin web pages will remain at the present online location.

Microsoft said in November that once the new portal goes live, users will have the ability to sort and filter security vulnerability and update content. Even more, users will be able to “drill down” into the database to access detailed security update information that matters the most. There will also be a new RESTful API that will eliminate screen-scraping and other outdated methods of assembling working databases from security bulletin webpages.

“The historical bulletin search spreadsheets will continue to be available on TechNet,” the FAQ currently states. “With the new Security Updates Guide, you can create similar spreadsheets that relate individual CVEs to affected software. The columns relevant to bulletins specifically will be removed.”

The FAQ adds that users of the Security Updates Guide portal can access the dashboard without having to log into TechNet. However, if users click on the Developer tab to access the RESTful API, they will be asked to sign into their Microsoft account. Once that is done, users must then create a key to use the API, which will be saved in the account for “subsequent uses.”

As for third-party management tools that previously accessed the security bulletins, Microsoft said that it is working with these tool providers to adjust their software to work with the new Security Updates Guide database. Microsoft also warned that it can’t guarantee these tools will even work with the new portal once it kicks into full gear in February.

Editors’ Recommendations

Topics
Kevin Parrish
Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Microsoft Edge gets hit with the same serious security bug that plagued Chrome
The Microsoft Edge browser is open on a Surface Book 2 in tablet mode.

Microsoft just released an Edge browser update that patches a dangerous flaw that could allow a cleverly designed attack to execute arbitrary code. While every security update should be installed promptly, this one is a bit more urgent because the attack is "in the wild" already, meaning that hackers are already taking advantage of this vulnerability to breach security.

Designated CVE-2022-2294, this vulnerability was actually a flaw with the Chromium project, the open-source code that Google's Chrome browser is built upon. Microsoft uses the same base code for the Edge browser, meaning bugs that affect one often plague the other. Google patched the same bug recently and has been keeping quiet about details of the attack to allow others to make similar fixes, since Chromium is quite a popular codebase.

Read more
Update Google Chrome now to protect yourself from an urgent security bug
Google Chrome app on s8 screen.

Google posted a security update for its Chrome browser that fixes what's known as a zero-day bug. The problem affects Chrome on Windows, Mac, and Android. The flaw can lead to arbitrary code execution, a serious security vulnerability, so it's best to download and install the latest version immediately. Zero-day bugs mean that this is a known weakness and, in this case, Google said that the flaw is already being exploited by hackers.

Google did not post a detailed explanation of how the exploit works, but will do so when the majority of people have updated, making the danger of further attacks less severe. The most severe bug is identified as CVE-2022-2294 and the update also patches CVE-2022-2295 and CVE-2022-2296.

Read more
Microsoft Defender finally feels like proper antivirus software for individuals
The Windows Security app in Windows 11.

With password attacks and ransomware on the rise, Microsoft has announced the general availability of Microsoft Defender for individuals, a premium, cross-platform, consumer security application for Windows, Android, iOS, and Mac.

Available for paid Microsoft 365 Personal and Family subscribers, this new security offering from Microsoft is the latest step in a journey to bring its security features to all of its users. Building on what's been done with the Windows Security app on Windows, Microsoft Defender for individuals will bring together multiple protections into a single online dashboard.

Read more