Microsoft no longer publishes security bulletins. Last November they warned that the Security Bulletins on Patch Tuesday would be discontinued and they followed through on their promise with the April 2017 edition. Information about software vulnerability is now only found on the Security Update Guides portal (SUG).
While the portal is searchable by CVE, KB article, product or release date, the change in process has impacted the daily routines of SCCM Patch Management Admins and IT security professionals.
Security Bulletins have been around for years and administrators have built their processes around the predictable and consistent delivery of these bulletins. Microsoft’s format changes are inconvenient for patch management professionals, who already have enough on their plate. The additional time to research and understand the security patches required for their unique environments will only lengthen the time to patch.
Microsoft says that SUG has functionality that users have been asking for and that the portal allows users to customize it for their unique needs. While the portal has advanced capabilities, the change has generated concern about the impact on customers’ existing patch management activities. Companies will have to modify the way they research vulnerabilities as well as their enterprise patch management processes.
If you relied on Microsoft Security Bulletins and now need to find a new and easier solution, try Flexera Vulnerability Intelligence Manager. Secunia Research is renowned for its accuracy, and provides verified intelligence that’s been scrutinized and rated before distribution to customers worldwide. These alerts are customized to their environment and requirements.