This January 2017 marked the end of an era in regards to how Microsoft will structure its security updates. It seems “Patch Tuesday” – the second Tuesday of the month when Microsoft scheduled its security patch bulletins – will become a thing of the past. Instead, customers will be referred to the new Windows Security Updates Guide, a portal where they can view and search for security updates on a single online database.
The portal should make it easier for users to find specific bulletins relevant to their organisation, unlike before when they had to browse through an index of documents sent once a month. Microsoft will categorize needed updates by unique vulnerability IDs through the Security Update Guide which will be accessible by a dashboard and API. While security bulletin IDs will be scrapped, past bulletins will still be available online for references. Moreover, Microsoft says they will continue to issue out-of-band patch notifications as required.
Tyler Reguly, manager of Tripwire’s vulnerability and exposure research team commented to SearchSecurity via email that, “after 20 years and 1535 bulletins, this month may be the end of an era. It will be interesting to see what the future holds for Microsoft and Patch Tuesday.”