Skip to main content
  1. Home
  2. Web
  3. News

Microsoft security bulletins’ days are numbered as February approaches

By

microsoft
drserg/123rf
After serving up web-based security bulletins since around 1998, Microsoft will replace this service with the Security Updates Guide next month. Microsoft announced the end of its security bulletins in November 2016, stating that the last security bulletin would be the January 2017 Update Tuesday release. After that, all update information would be published on the new Security Updates Guide portal instead.

“Our customers have asked for better access to update information, as well as easier ways to customize their view to serve a diverse set of needs,” Microsoft stated. “Instead of publishing bulletins to describe related vulnerabilities, the new portal lets our customers view and search security vulnerability information in a single online database.”

Recommended Videos

Since November, Microsoft has served up the new Security Updates Guide portal as a preview. However, the site will kick into full gear on February 14, which will be the monthly Patch Tuesday rollout. Traditional security bulletins published as individual web pages actually ended on January 10, and all security update information published after that date will only be provided on the new portal.

According to Microsoft’s FAQ, the company not only retired security bulletin webpages, but security bulletin ID numbers as well. Thus, instead of assigning an update with a bulletin ID, Microsoft will rely on vulnerability ID numbers and KB Article ID numbers instead. However, all previously published traditional security bulletin web pages will remain at the present online location.

Microsoft said in November that once the new portal goes live, users will have the ability to sort and filter security vulnerability and update content. Even more, users will be able to “drill down” into the database to access detailed security update information that matters the most. There will also be a new RESTful API that will eliminate screen-scraping and other outdated methods of assembling working databases from security bulletin webpages.

“The historical bulletin search spreadsheets will continue to be available on TechNet,” the FAQ currently states. “With the new Security Updates Guide, you can create similar spreadsheets that relate individual CVEs to affected software. The columns relevant to bulletins specifically will be removed.”

The FAQ adds that users of the Security Updates Guide portal can access the dashboard without having to log into TechNet. However, if users click on the Developer tab to access the RESTful API, they will be asked to sign into their Microsoft account. Once that is done, users must then create a key to use the API, which will be saved in the account for “subsequent uses.”

As for third-party management tools that previously accessed the security bulletins, Microsoft said that it is working with these tool providers to adjust their software to work with the new Security Updates Guide database. Microsoft also warned that it can’t guarantee these tools will even work with the new portal once it kicks into full gear in February.

Editors' Recommendations

Topics
Kevin Parrish
Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
It’s not just you: Microsoft confirms Windows 11 is having gaming issues
Acer Predator Orion 7000 sitting on a table.

Microsoft has confirmed that the latest update to Windows 11 is causing performance issues in some games, along with a host of other problems. Stuttering might be noticeable in some apps as well.

Microsoft has put a hold on its Windows 11 22H2 update on devices affected by this issue; however, it is still possible to install the update manually. If you haven’t updated yet, it’s best to wait until you get a notification that an update is available.

Read more
Apple Security Research website launches to protect your Mac
Apple Seurity Research website has resources for bug bounty hunters.

Apple just launched a new website that's dedicated to macOS and iOS security and there are already two blog posts that provide examples of what to expect, one providing a deep dive into memory allocation within the XNU kernel at the heart of all Apple devices, and another discussing the improved security bounty process.

The new website will undoubtedly become a critical resource for Apple security researchers, both providing information and serving as a hub for submitting bounties. The Apple Security Research website is also where you can apply for an official Apple Security Research Device (SRD) to help with identifying vulnerabilities by providing special access to what are normally protected areas of iOS.

Read more
It’s not just you — Microsoft admits its patches broke OneDrive
Microsoft OneDrive files can sync between a PC and a phone.

If you’ve been experiencing OneDrive crashes and error messages, before digging too deep for a solution, note that it might be Microsoft’s fault. Common solutions like restarting, or signing out and back in won’t help because the issue is with the latest Windows 10 update.

Apparently, the problem begins after installing the 22H2 update for Windows 10 that was released on October 18, 2022. Today, Microsoft confirmed that after updating Windows 10, OneDrive might “unexpectedly close,” a nice way to describe a crash. This problem isn’t affecting Windows 11 computers and it’s still possible to use OneDrive via a browser.

Read more