April 13th, 2017, 19:46 PM
Microsoft kills off security bulletins after several stays
Microsoft this week retired the security bulletins that for decades have described each month's slate of vulnerabilities and accompanying patches for customers -- especially administrators responsible for companies' IT operations.
One patch expert reported on the change for his team. "It was like trying to relearn how to walk, run and ride a bike, all at the same time," said Chris Goettl, product manager with patch management vendor Ivanti.
The move to a bulletin-less Patch Tuesday brought an end to months of Microsoft talk about killing the bulletins that included an aborted attempt to toss them.
Microsoft announced the demise of bulletins in November, saying then that the last would be posted with January's Patch Tuesday, and that the new process would debut Feb. 14. A searchable database of support documents would replace the bulletins. Accessed through the "Security Updates Guide" (SUG) portal, the database's content can be sorted and filtered by the affected software, the patch's release date, its CVE (Common Vulnerabilities and Exposures) identifier, and the numerical label of the KB, or "knowledge base" support document.
SUG's forerunners were the web-based bulletins that have been part of Microsoft's patch disclosure policies since at least 1998. Microsoft did such a good job turning out those bulletins that they were considered the aspirational benchmark for all software vendors.