Microsoft retires security bulletins

Microsoft retired the security bulletins, making many security experts' lives rather difficult.

Vole announced the demise of bulletins in November, saying then that the last would be posted with January’s Patch Tuesday, and that the new process would debut 14 February.

A searchable database of support documents would replace the bulletins. Accessed through the “Security Updates Guide” (SUG) portal, the database’s content can be sorted and filtered by the affected software, the patch’s release date, its CVE (Common Vulnerabilities and Exposures) identifier, and the numerical label of the KB, or “knowledge base” support document.

SUG’s forerunners were the web-based bulletins that have been part of Microsoft’s patch disclosure policies since at least 1998.

Vole did such a good job turning out those bulletins that they were considered the aspirational benchmark for all software vendors, so getting rid of them seemed strange.

In February Microsoft cancelled that month’s Patch Tuesday just hours before the security updates were to reach customers, making the bulletins’ planned demise moot. Microsoft kept the bulletins the following month as well, saying it wanted to give users more time to prepare for the change to SUG.

Finally, when Microsoft yesterday shipped cumulative security updates for Windows, Internet Explorer, Office and other products, it omitted the usual bulletins.

SUG is not so popular, even if analysts say it has great potential. Many are undecided about whether it will be able to deliver the same quantity and quality of information as the bulletins without burdening administrators with more work.

Although most of the information packed into the earlier bulletins remained available through SUG by digging into the numerous online documents, it is not as accessible.