New Microsoft service lists security bulletins for your software

New Microsoft service lists security bulletins for your software

Summary: Microsoft myBulletins service on Technet allows a user to determine which software updates they should apply. We think it's likely useful only for small organizations and individuals.

SHARE:
TOPICS: Security, Microsoft
8

Fighting the long battle to get users to apply software updates promptly, Microsoft has launched a new service for individuals and smaller organizations that may help.

myBulletins is a page on Microsoft's Technet site for IT professionals that holds a list of security bulletins which apply to products the user has selected. The page includes all the essentials of each security bulletin: the date posted, ID, product name, impact (type of vulnerability, e.g. information disclosure, remote code execution, etc.), severity level and whether the update requires a reboot.

A summary up top shows the number of updates by severity level and the number requiring a reboot.

myBulletins1
(Image: ZDNet/CBS Interactive)

The information on severity and reboots have long been included in bulletins, even in the Patch Tuesday advance notification, to help large organizations prioritize updates and plan for downtime from them.

Microsoft says that myBulletins "...is a very useful online service for administrators in enterprise or small and medium sized business environments." But in a larger organization, any with a Windows domain at least, Microsoft's WSUS (Windows Server Update Services) or a third party patch management system would do all of what myBulletins does and much more.

myBulletins only knows what the user tells it; it detects nothing from the user's systems and provides no way to keep track of which updates have been applied. The user can download the contents of the bulletin list to an Excel spreadsheet and perform some management functions there. The downloaded spreadsheet includes much more information than the myBulletins page, including Knowledge Base article links, CVE numbers (vulnerability identifiers), and whether any earlier bulletins were superceded by this new one.

We were surprised to see many products on the list from which users could choose which haven't been supported for many years, among them Office XP, Internet Explorer 5 and SQL Server 2000.

If the point is to help users to keep up with patches then these products seem beside the point. We asked Microsoft about the inclusion of the obsolete products and they said that customer feedback indicated that customers wanted to be able to reference past security bulletins. 

Tracey Pretorius, Director of Microsoft Trustworthy Computing, announced myBulletins in an MSRC (Microsoft Security Response Center) blog entry today.

Topics: Security, Microsoft

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

8 comments
Log in or register to join the discussion
  • People just don't care about security.

    They say they do. But that's merely lip service. Security = 1 / convenience. With the vast majority of the population convenience wins.
    ye
  • usefull for small orgs and individuals

    since MS has about 1.2 billion consumer individuals, sounds like it's pretty darn useful.
    CriticalSection
  • The public would care if they understood

    I'm supporting a few thousand users and everyone in my family down to the 3rd cousin echelon. When you explain it, they understand and act. They literally don't know what they don't know. Why can't the industry deal with that? Too much money to be gained in advertising?
    bboyce@...
  • eh thought they were killing technet

    nt
    greywolf7
    • just the software

      There used to be a Technet software subscription, but no more.
      larry@...
  • Anyone who gives a sh*t about security.

    Avoids all Microsoft products.
    Trusty Tahr
  • Alternative approach

    A much cheaper approach is to simply install patches 1 week after they are released. Most if not all flawed patches are pulled within a week.
    Sacr
    • Of course, if everyone did that...

      Then the patches wouldn't be pulled...
      jessepollard