Skip to main content
  1. Home
  2. Web
  3. News

Microsoft security bulletins’ days are numbered as February approaches

By

After serving up web-based security bulletins since around 1998, Microsoft will replace this service with the Security Updates Guide next month. Microsoft announced the end of its security bulletins in November 2016, stating that the last security bulletin would be the January 2017 Update Tuesday release. After that, all update information would be published on the new Security Updates Guide portal instead.

“Our customers have asked for better access to update information, as well as easier ways to customize their view to serve a diverse set of needs,” Microsoft stated. “Instead of publishing bulletins to describe related vulnerabilities, the new portal lets our customers view and search security vulnerability information in a single online database.”

Recommended Videos

Since November, Microsoft has served up the new Security Updates Guide portal as a preview. However, the site will kick into full gear on February 14, which will be the monthly Patch Tuesday rollout. Traditional security bulletins published as individual web pages actually ended on January 10, and all security update information published after that date will only be provided on the new portal.

Related

According to Microsoft’s FAQ, the company not only retired security bulletin webpages, but security bulletin ID numbers as well. Thus, instead of assigning an update with a bulletin ID, Microsoft will rely on vulnerability ID numbers and KB Article ID numbers instead. However, all previously published traditional security bulletin web pages will remain at the present online location.

Microsoft said in November that once the new portal goes live, users will have the ability to sort and filter security vulnerability and update content. Even more, users will be able to “drill down” into the database to access detailed security update information that matters the most. There will also be a new RESTful API that will eliminate screen-scraping and other outdated methods of assembling working databases from security bulletin webpages.

“The historical bulletin search spreadsheets will continue to be available on TechNet,” the FAQ currently states. “With the new Security Updates Guide, you can create similar spreadsheets that relate individual CVEs to affected software. The columns relevant to bulletins specifically will be removed.”

The FAQ adds that users of the Security Updates Guide portal can access the dashboard without having to log into TechNet. However, if users click on the Developer tab to access the RESTful API, they will be asked to sign into their Microsoft account. Once that is done, users must then create a key to use the API, which will be saved in the account for “subsequent uses.”

As for third-party management tools that previously accessed the security bulletins, Microsoft said that it is working with these tool providers to adjust their software to work with the new Security Updates Guide database. Microsoft also warned that it can’t guarantee these tools will even work with the new portal once it kicks into full gear in February.

Editors’ Recommendations

Topics
Kevin Parrish
Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Don’t use your Windows PC without using these security settings
The Windows Security app in Windows 11.

Historically, Windows has had a bad reputation for security, and there are far more malware strains that target Windows than any other operating system out there -- largely due to the scale of PCs that exist in the world. With such a vast array of potential threats, it’s more important than ever to keep your Microsoft PC safe and protected.

But doing so doesn’t have to be difficult or expensive. In fact, you can start right now with just the computer you own, no extra software necessary. And if you do want to supplement your PC with some of the best Windows apps that will boost your security and privacy, you don’t need to pay a penny.

Read more
You definitely want to install these 90 Windows security patches
Microsoft Surface Laptop Go 3 rear view showing lid and logo.

Microsoft has issued security updates to address 90 vulnerabilities, some of which hackers are actively exploiting, in a blog post yesterday. These flaws allow hackers to bypass security features and gain unauthorized access to your PC's system, highlighting the need to keep your Windows computer updated.

Nine are rated Critical, 80 of the flaws are rated Important, and only one is rated Moderate in severity. In addition, the software giant has patched 36 vulnerabilities in its Edge browser in the past month to avoid issues with its browser. Users will be happy to know that the patches are for six actively exploited zero-days, including CVE-2024-38213. This lets attackers bypass SmartScreen protections but requires the user to open a malicious file. TrendMicro's Peter Girnus, who discovered and reported the flaw, proposed it could be a workaround for CVE-2023-36025 or CVE-2024-21412 that DarkGate malware operators misused.

Read more
The latest Windows update is breaking VPN connections
Windows Update running on a laptop.

Microsoft has acknowledged that the Windows security updates for April 2024 (KB5036893 for Windows 11, KB5036892 for Windows 10) are causing disruptions to virtual private network (VPN) connections across various client and server platforms. According to information on the Windows health dashboard, devices running Windows may experience VPN connection failures following the installation of either the April 2024 security update or the April 2024 non-security preview update.

The company has also stated that it is actively investigating user reports regarding these issues and will share more details in the coming days. The impacted Windows versions include Windows 11, Windows 10, and Windows Server 2008 onward.

Read more