Patch Tuesday: Microsoft To Stop Publishing Security Bulletins

Patch Tuesday is changing: From February, Microsoft will communicate security updates via a dynamic online portal rather than a static bulletin

Microsoft is changing the way it communicates security updates from next month and will no longer publish the bulletins as it has done for the past 12 years.

The company first declared its intentions in November and the most recent Patch Tuesday, released on 10 January, was the last in the previous format.

From 14 February, the company’s monthly updates will be accessible via a new security bulletins portal.


Patch Tuesday changes

“Information about the security updates we release are currently made available on the Microsoft Security Bulletin website,” said Microsoft. “However, our customers have asked for better access to update information, as well as easier ways to customise their view to serve a diverse set of needs.”

“Starting next month Microsoft will scrap the existing system where users get a document each month in favour of a new ‘single destination for security vulnerability information’ called the Security Updates Guide,” said Amol Sarwate, director of vulnerability research at Qualys.

“The new security portal is driven by an online database, and instead of having to browse through an index of documents, users can sort, search, and filter the database to find details about a specific security bulletin and its associated updates.”

Should we embrace AI or fear it?

View Results

Loading ... Loading ...

Users will be able to sort updates via a Common Vulnerabilities and Exposure (CVE) identifier, knowledge base number or article ID number. Admins can also filter out vulnerabilities for products they don’t use.

A monthly summary will be available within the portal and Microsoft has stressed that customers will be notified of any out-of-cycle updates. Customers will also be able to sign up for automatic notifications.

The most recent Patch Tuesday had just four bulletins, compared to December’s 12, including two ‘critical’ vulnerabilities. The package concerned four products: the Microsoft Edge web browser, Microsoft Office and Adobe Flash. It is expected that the February update will be a bit bulkier.

Quiz: Know all about Microsoft?