Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft's Security Bulletins Will End In February (computerworld.com)

Posted by EditorDavid on from the cumulative-casualties dept.

Remember how Microsoft switched to cumulative updates? Now Computerworld points out that that's bringing another change. An anonymous reader quotes their report: Microsoft next month will stop issuing detailed security bulletins, which for nearly 20 years have provided individual users and IT professionals information about vulnerabilities and their patches... A searchable database of support documents will replace the bulletins; that database has been available, albeit in preview, since November on the portal Microsoft dubbed the "Security Updates Guide," or SUG. The documents stored in the database are specific to a vulnerability on an edition of Windows, or a version of another Microsoft product. They can be sorted and filtered by the affected software, the patch's release date, its CVE identifier, and the numerical label of the KB, or "knowledge base" support document.
Redmond Magazine reports that Microsoft still plans to continue to issue its security advisories, and to issue "out-of-band" security update releases as necessary.

11 of 39 comments (clear)

  1. Re:Ah yes by Anonymous Coward · · Score: 3, Informative

    It is better, you can access it across REST API, integrate your own interface and watch exactly what you want to watch. We are looking at integrating it into our alerting system to trigger alerts for individual teams based on their area of responsibility. This is much better than trawling through bulletins.

  2. What ?? by ddtmm · · Score: 3, Funny

    I have no idea what this means

    1. Re:What ?? by SeaFox · · Score: 2

      I have no idea what this means

      Sounds like beginning in February, you'll be able to use that line a whole lot more -- as to why an update was sent out.

  3. Abuse? by Anonymous Coward · · Score: 2, Funny

    It's Microsoft, so it is probably a way of delivering abuse.

  4. How does this profit Microsoft? by mmell · · Score: 4, Insightful
    It's going to cost enterprises money to adapt to this change - whether it's for the better or not - because they have to spend time and effort evaluating and redesigning their patch and security management stances.

    OTOH, they did manage to make the famous "patch Tuesday" and equally infamous "exploit Wednesday" go away . . . then again, nowadays it seems like every day is "exploit Wednesday".

  5. Detailed? by aliquis · · Score: 5, Insightful

    All I've ever seen in Windows is kinda "we've patched a bug in Windows ..." and then you could click some link and then you got about the same information and no real details whatsoever.

    Maybe a bit more detail than what I said but .. nothing really worth mentioning or interesting.

  6. Not that I care by butzwonker · · Score: 2, Insightful

    On my Windows 7 machine, every cumulative security update since last October has failed anyway. I was told that it might have to do with the fact that it's a dual boot system. Be that as it may, since I use Linux for main work it doesn't matter that much, I will just make sure that I never use Windows for any payments or passwords and let Windows slowly 'phase out'. (Unfortunately, I cannot give it up entirely, because I'm using a lot of commercial Windows-only audio software.)

  7. Re:Ah yes by jellomizer · · Score: 3, Insightful

    So offload the work from people who are security and system administration midended and dump it on the other teams who are focused on meeting the business objectives. So this way more security holes get put in but that is fine because it is the other departments fault.
    Just because the staff may have the ability to monitor such stuff it doesn't mean they have the time and resources to actually do the job.
    Hey it may work at your organization but you are crossing on of the pet peeves I have at may work where the System Administration dumps edicts and their jobs to the App teams while the App teams also have a full work load.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  8. Not surprising by quonset · · Score: 3, Insightful

    With each iteration of Windows Microsoft has made it more and more difficult to find and change settings on your own machine, even going so far as to move settings from one area they've been in for the longest time to a completely different and unrelated section

    Now comes the updates. In the past one could easily find what the update entailed by reading the update itself (not always helpful) or by clicking the link Microsoft provided. Instead of that easy process one will now have to jump through hoops to find what they want.

    Considering how often we hear Microsoft's software is supposed to make life easier, they sure seem to be going out of their way to make it more difficult.

  9. Re:Ah yes by arglebargle_xiv · · Score: 3, Funny

    Change for the sake of change, lacking any legitimate reason

    There's a perfectly legitimate reason for doing this. As everyone knows, Windows 2000^H^H^H XP^H^H^H Vista^H^H^H 7^H^H^H 8^H^H^H 10 is the most secure version of Windows ever, so there's no need for security bulletins any more because it's so secure.

  10. Backwards, POST can't be cached, GET can by raymorris · · Score: 2

    Probably a typo, you listed it backwards. GET is cacheable, POST is not, by definition.

    GET puts the parameters in the URL specifically so that a cache can return the proper resource based on the URL - users.doc?page=2 will return the second page of users.

    POST *creates* something on the server or otherwise alters it, so just returning a cached response without sending the post to the origin isn't the same at all. You can't cache create_user.do, you actually have to send the command to the server each time you want to create a user.