Securezoo Articles
By Frank Crast, 1/16/2017


January 2017 will be the last month Microsoft will offer a monthly security bulletin. The company instead will deliver security updates through a searchable database and web portal called the Security Updates Guide (SUG). The security portal is already live, but will formally replace the Security Bulletins system in February.


Although the jury is still out on how it will be perceived in the enterprise IT and security communities, I took a peek under the covers of SUG and actually like what I've seen so far.

For starters, Microsoft encourages customers to enable automatic updates, a smart thing to do for the average small business and home user. 

For enterprises or organizations that need to test and roll out patches on a schedule to ensure business application compatibility, SUG offers an excellent way to search for the patches and vulnerabilities most relevant to them or to the products they support.

The SUG dashboard portal is intuitive and easy to use. As illustrated in Figure A, users can search for relevant security advisories by date range, product categories, software products, severities and impacts:



Figure A: Security Updates Guide Portal
 

The default view displays the last month's worth of patches in a "Security Updates" table that includes the supporting KB articles, date, relevant product and platform (such as Windows 10 or Windows Server 2012). Users can click through any of the listed updates to review more about the vulnerability.

I did a quick search to find 12 relevant vulnerabilities (for Adobe Flash Player) that matched my input criteria of Critical severity and Remote Code Execution (RCE) under the Impact pull-down menu. I also found two other RCE bugs listed as "Important" for Microsoft Word products. The search feature makes it easier to find vulnerabilities by different sets of criteria. 

Other notable features include the ability to download the updates to a CSV file and the ability to search by CVE number.
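As an added example (not code from Microsoft or from this article), the following Python sketch repeats the severity and impact search described above against a downloaded CSV file and collapses the per-platform rows into one entry per product and KB article, which is the unit a patch-testing schedule works with. The column names, KB numbers and CVE identifiers in the sample are constructed assumptions; match the column names to the header row of a real export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample standing in for a SUG CSV download. Column names, KB
# numbers and CVE ids are placeholders assumed for this example.
SAMPLE_EXPORT = """Date,Product,Platform,Article,Severity,Impact,CVE
2017-01-10,Adobe Flash Player,Windows 10,KB0000001,Critical,Remote Code Execution,CVE-0000-0001
2017-01-10,Adobe Flash Player,Windows Server 2012,KB0000001,Critical,Remote Code Execution,CVE-0000-0001
2017-01-10,Adobe Flash Player,Windows 10,KB0000001,Critical,Remote Code Execution,CVE-0000-0002
2017-01-10,Microsoft Word,,KB0000002,Important,Remote Code Execution,CVE-0000-0003
2017-01-10,Microsoft Edge,Windows 10,KB0000003,Important,Elevation of Privilege,CVE-0000-0004
"""

def load_rows(text):
    """Parse the export; strip whitespace and tolerate short or long rows."""
    reader = csv.DictReader(io.StringIO(text))
    return [{k.strip(): (v or "").strip() for k, v in row.items() if k}
            for row in reader]

def filter_rows(rows, severity=None, impact=None):
    """Case-insensitive match on Severity and/or Impact; None means any."""
    def match(row, col, want):
        return want is None or row.get(col, "").lower() == want.lower()
    return [r for r in rows
            if match(r, "Severity", severity) and match(r, "Impact", impact)]

def patch_queue(rows):
    """Collapse per-platform and per-CVE rows into one entry per (product, KB)."""
    queue = defaultdict(lambda: {"cves": set(), "platforms": set()})
    for r in rows:
        entry = queue[(r["Product"], r["Article"])]
        entry["cves"].add(r["CVE"])
        if r["Platform"]:  # some rows carry no platform value
            entry["platforms"].add(r["Platform"])
    return dict(queue)

if __name__ == "__main__":
    rce = filter_rows(load_rows(SAMPLE_EXPORT), impact="Remote Code Execution")
    for (product, kb), e in sorted(patch_queue(rce).items()):
        print(product, kb, sorted(e["cves"]), sorted(e["platforms"]))
```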

See Microsoft's original blog post and the Frequently Asked Questions page for more details on the new SUG system.

 

Topic: Patch Management, Vulnerability Management