Microsoft has decided to discontinue the Security Update Bulletins and instead provide this information in a Security Update Guide Portal. This website outlines steps in detail for deploying Microsoft security updates within an environment and how to use available resources effectively to help make an organization’s IT environment secure. Let us take a look at all this website has to offer.
When it comes down to applying security bulletins, you’ll experience a change in the way how information about updates is made available to you. In earlier approach, it was somewhat difficult for security teams to track, slice and dice the information. Many teams resorted to the same old technique of “copying and pasting” from the bulletins and adding them into their own Word docs or Excel spreadsheets.
Apart from the above, there was a lot of overhead in that approach, and Microsoft soon felt the urge to bring about a change in the scheme of things. It is a well-known fact that security organizations, today, need the information they’re interested in a format they can easily manipulate on a programmatic basis. Hence, the need of a new Security Update Guide which you can use to get information about security updates each month. The idea is quite simple, instead of getting information about updates from monthly security bulletins, you get them from the Security Update Guide.
Microsoft has a long history in being a leader with security updates. We deployed a worldwide network to support Windows Update, and enabled our enterprise customers to finely tune their update strategies with Windows Server Update Services and similar updating technologies. We’re serious and heavily invested in keeping you secure with updates. Be you in the cloud or on-premises, we’ve got you covered. That’s not going to change. What is going to change is how we let you know about updates, says Thomas W Shinder of Microsoft.
Microsoft Security Update Guide Portal
What’s so special about the new the Security Update Guide? Well, it is a searchable database that you can use to find updates and filter them based on what you’re interested in. Once you have found the information of your interest you can download the list of updates and associated data as an Excel spreadsheet.
Moreover, with this new web tool you can:
- Filter and sort using a variety of parameters
- Focus on Security Updates that are important to you
- Use a new RESTful API to speed up security information acquisition and recording
How to get started?
Once you open the Security Update Guide Portal, you’ll see a page there with some useful links that you may be interested in checking out.
For example, you can read the Security Update Guide FAQ – the FAQ page has a lot of useful information and advice that can help you get the most out of Security Update Guide
Also, on the same page, you will find a ‘Go to Security Update Guide’ button as seen in the figure below.
Click the button and agree to the conditions of the license agreement to get access to the guide and use its dashboard. There’s no requirement of the sign in to use it. If you decide to check out what’s on the Developer tab, then you’ll need to sign in.
Once, you land on the Security Update Guide page. You’ll see a page that offers ways to filter your list of security updates (and you can combine filters):
- Product category
Here, you can define or set your date parameters. For instance, start and end date. For product categories, you can view All Product Categories (which is the default), or click the drop-down list to view other options.
Thereafter, you can focus on the specific products within the categories you select. For example, In the screenshot, you will find the default of All Product Categories is not chosen. So, when you click the drop down for All Products, you will find all the Microsoft products listed. You can undo the changes made anytime. Also, as you may notice, there are tons of products, so if you want to limit the number of products that appear in your report, pick the categories you’re specifically interested in first.
If there is an update with a specific CVE or KB number you want to look up, just enter the text related to it into the Search on CVE number of KB Article box.
Then, under the filter options that lists monthly release notes, select the release note you are looking for. The list of updates relevant to your filtered search would automatically appear.
If you would also like to view more information, simply put a checkmark against the Details, Severity or Impact checkboxes. The report would automatically be displayed in additional columns. You can then filter the report furthermore using the text filter option, as seen in the figure below.
Finally, The Security Update Guide development API can be used to create a report in CVRF format. To use this API, click the DEVELOPER tab, and log into TechNet when prompted. From this tab, you can see code samples in a variety of scripting languages. See the image below for better understanding of this.
The process of pushing out Security Bulletins first began in 2004 when the company used these bulletins to notify companies about security related patches for their software. These notifications were used in conjunction with Patch Tuesday. However, with the advancement of time, it was realized that the process did not prove to be efficient for both, Microsoft as well as its customers. As such, the best course of action that was decided to follow was rolling out of a new Security Update Guide. This allowed customers to search across the entire security update database to find content that was applicable to their software installations.