Microsoft's Shifts from Security Bulletins to the Security Update Guide

Microsoft first started pushing out their Security Bulletins back in 2004 to notify companies about security related patches for their software.

These notifications were used in conjunction with Patch Tuesday however, in recent years the company has realized that the process was not as efficient for them or customers.

That is why the new Security Update Guide was put together as a single portal where customers can search across the entire security update database to find content that is applicable to their software installations.

In a new blog post this week, the Microsoft Azure Security and Compliance team explains why this approach works better than the older security bulletins that were in use.

"In this model, you’ll use the Security Update Guide to get information about security updates each month. “Patch Tuesday” doesn’t go away, and there may sometimes still be out-of-band updates, but instead of getting information about updates from monthly security bulletins, you’ll be getting them from the Security Update Guide."

The Security Update Guide can be searched on several parameters including CVE or KB number, by product, release date, and customized to your own software focus.

You can access the new Security Update Guide at https://portal.msrc.microsoft.com/en-us/security-guidance and you  read more at the Security Update Guide FAQ.

There is also an API associated with the Security Update Guide so you can develop your own app for retrieving data from this database to simplify your access/use of the information they provide.

This API is not yet available but I will update this article once Microsoft posts a write up about accessing and using it for the Security Update Guide.

----------

Looking for an awesome, no-nonsense technical conference for IT Pros, Devs, and Devops? Check out IT/Dev Connections!