With the launch of the Security Updates Guide portal, users and security experts will have to rely on a new way to get info on vulnerabilities and patches.
After serving up web-based security bulletins since around 1998, Microsoft will replace this service with the Security Updates Guide next month. Microsoft announced the end of its security bulletins in November 2016, stating that the last security bulletin would be the January 2017 Update Tuesday release. After that, all update information would be published on the new Security Updates Guide portal instead.
“Our customers have asked for better access to update information, as well as easier ways to customize their view to serve a diverse set of needs,” Microsoft stated. “Instead of publishing bulletins to describe related vulnerabilities, the new portal lets our customers view and search security vulnerability information in a single online database.”
Since November, Microsoft has served up the new Security Updates Guide portal as a preview. However, the site will kick into full gear on February 14, which will be the monthly Patch Tuesday rollout. Traditional security bulletins published as individual web pages actually ended on January 10, and all security update information published after that date will only be provided on the new portal.
According to Microsoft’s FAQ, the company not only retired security bulletin webpages, but security bulletin ID numbers as well. Thus, instead of assigning an update with a bulletin ID, Microsoft will rely on vulnerability ID numbers and KB Article ID numbers instead. However, all previously published traditional security bulletin web pages will remain at the present online location.
Microsoft said in November that once the new portal goes live, users will have the ability to sort and filter security vulnerability and update content. Even more, users will be able to “drill down” into the database to access detailed security update information that matters the most. There will also be a new RESTful API that will eliminate screen-scraping and other outdated methods of assembling working databases from security bulletin webpages.
“The historical bulletin search spreadsheets will continue to be available on TechNet,” the FAQ currently states. “With the new Security Updates Guide, you can create similar spreadsheets that relate individual CVEs to affected software. The columns relevant to bulletins specifically will be removed.”
The FAQ adds that users of the Security Updates Guide portal can access the dashboard without having to log into TechNet. However, if users click on the Developer tab to access the RESTful API, they will be asked to sign into their Microsoft account. Once that is done, users must then create a key to use the API, which will be saved in the account for “subsequent uses.”
As for third-party management tools that previously accessed the security bulletins, Microsoft said that it is working with these tool providers to adjust their software to work with the new Security Updates Guide database. Microsoft also warned that it can’t guarantee these tools will even work with the new portal once it kicks into full gear in February.