Microsoft Kills Off Security Bulletins

Microsoft has officially retired the security bulletins this week, which were issued to detail “each month’s slate of vulnerabilities and accompanying patches for customers — especially administrators responsible for companies’ IT operations,” writes Gregg Keizer via Computerworld. “The move to a bulletin-less Patch Tuesday brought an end to months of Microsoft talk about killing the bulletins that included an aborted attempt to toss them.” From the report: Microsoft announced the demise of bulletins in November, saying then that the last would be posted with January’s Patch Tuesday, and that the new process would debut Feb. 14. A searchable database of support documents would replace the bulletins. Accessed through the “Security Updates Guide” (SUG) portal, the database’s content can be sorted and filtered by the affected software, the patch’s release date, its CVE (Common Vulnerabilities and Exposures) identifier, and the numerical label of the KB, or “knowledge base” support document. SUG’s forerunners were the web-based bulletins that have been part of Microsoft’s patch disclosure policies since at least 1998. Microsoft did such a good job turning out those bulletins that they were considered the aspirational benchmark for all software vendors.In February Microsoft canceled that month’s Patch Tuesday just hours before the security updates were to reach customers, making the bulletins’ planned demise moot. Microsoft kept the bulletins the following month as well, saying it wanted to give users more time to prepare for the change to SUG. Finally, when Microsoft yesterday shipped cumulative security updates for Windows, Internet Explorer, Office and other products, it omitted the usual bulletins.


Share on Google+

Read more of this story at Slashdot.

Clip to Evernote

Leave a Reply

Your email address will not be published. Required fields are marked *