New Microsoft service lists security bulletins for your software

Summary:Microsoft myBulletins service on Technet allows a user to determine which software updates they should apply. We think it's likely useful only for small organizations and individuals.

Fighting the long battle to get users to apply software updates promptly, Microsoft has launched a new service for individuals and smaller organizations that may help.

myBulletins is a page on Microsoft's Technet site for IT professionals that holds a list of security bulletins which apply to products the user has selected. The page includes all the essentials of each security bulletin: the date posted, ID, product name, impact (type of vulnerability, e.g. information disclosure, remote code execution, etc.), severity level and whether the update requires a reboot.

A summary up top shows the number of updates by severity level and the number requiring a reboot.

myBulletins1
Image: ZDNet/CBS Interactive

The information on severity and reboots have long been included in bulletins, even in the Patch Tuesday advance notification, to help large organizations prioritize updates and plan for downtime from them.

Microsoft says that myBulletins "...is a very useful online service for administrators in enterprise or small and medium sized business environments." But in a larger organization, any with a Windows domain at least, Microsoft's WSUS (Windows Server Update Services) or a third party patch management system would do all of what myBulletins does and much more.

myBulletins only knows what the user tells it; it detects nothing from the user's systems and provides no way to keep track of which updates have been applied. The user can download the contents of the bulletin list to an Excel spreadsheet and perform some management functions there. The downloaded spreadsheet includes much more information than the myBulletins page, including Knowledge Base article links, CVE numbers (vulnerability identifiers), and whether any earlier bulletins were superceded by this new one.

We were surprised to see many products on the list from which users could choose which haven't been supported for many years, among them Office XP, Internet Explorer 5 and SQL Server 2000.

If the point is to help users to keep up with patches then these products seem beside the point. We asked Microsoft about the inclusion of the obsolete products and they said that customer feedback indicated that customers wanted to be able to reference past security bulletins. 

Tracey Pretorius, Director of Microsoft Trustworthy Computing, announced myBulletins in an MSRC (Microsoft Security Response Center) blog entry today.

Topics: Security, Microsoft

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.