Microsoft Retires Security Bulletins as Customers scramble to revise how they research software vulnerabilities

Microsoft customers have reported a considerable increase in the amount of time it takes to digest software vulnerability information using the new Microsoft Security Update Guides portal (SUG).  Microsoft stopped publishing security bulletins starting with the April 2017 edition of Patch Tuesday.

Security Bulletins have been around for years and administrators have built their processes around the predictable and consistent delivery of these bulletins, but last November Microsoft warned that the Security Bulletins would be discontinued.  While the portal has advanced capabilities, the change has generated concern about the impact on customers’ existing security patch management activities. Companies will have to modify the way they research vulnerabilities and manage their enterprise patch management processes.

Several Flexera customers have contacted us asking if Secunia Research will be changing how we report on and present Microsoft vulnerability research.

The answer is: – No. Secunia Research@Flexera will continue to report on vulnerabilities according to our framework and policies.  Secunia Research provides aggregated information on all CVE’s affecting specific products in a particular Patch Tuesday release and indicates all vulnerabilities closed by a particular patch.  Flexera customers can continue to rely on Secunia Advisories for information and details contained in Patch Tuesday releases. These Advisories are directly connected with customers’ asset lists or assessment results and support existing processes.

For more information or to discuss your specific needs, contact us.

Leave a Reply

Your email address will not be published. Required fields are marked *