Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Security Update Guide ushers in a new era of Microsoft updates

28 Mar 2017   #1
Brink

64-bit Windows 10 Pro
 
 
Security Update Guide ushers in a new era of Microsoft updates

Quote:
What do you think is the most important thing you can do to help secure both your client and server deployments?

If you said, “apply security updates as soon as possible” – then you guessed right.

Updating your applications, operating systems and firmware must be job one. Play fast and loose with updates, and it almost doesn’t matter what else you do to secure your systems.

Microsoft has a long history in being a leader with security updates. We deployed a worldwide network to support Windows Update, and enabled our enterprise customers to finely tune their update strategies with Windows Server Update Services and similar updating technologies. We’re serious and heavily invested in keeping you secure with updates. Be you in the cloud or on-premises, we’ve got you covered.

That’s not going to change.

What is going to change is how we let you know about updates.

In 2004, we started releasing what we called “Microsoft Security Bulletins” on what became known as “Patch Tuesday”. Each bulletin represented, in text format, an update which might address one or more vulnerabilities that applied to one or more software products.



While the bulletin approach did its job, it was hard for security teams to track, slice and dice the information. Many teams did the old “copy and paste” from the bulletins and put them into their own Word docs or Excel spreadsheets.

There’s a lot of overhead in that approach and Microsoft realized it was time to modernize the process. Today’s security organizations need the information they’re interested in that’s also in a format they can easily manipulate on a programmatic basis.

That’s where the new Security Update Guide comes in. In this model, you’ll use the Security Update Guide to get information about security updates each month. “Patch Tuesday” doesn’t go away, and there may sometimes still be out-of-band updates, but instead of getting information about updates from monthly security bulletins, you’ll be getting them from the Security Update Guide.

The Security Update Guide is a searchable database that you can use to find updates and filter them based on what you’re interested in. Once you find what you’re interested in, you can then download the list of updates and associated data as an Excel spreadsheet. That means the days of screen-scraping bulletins each month are over.

With this new tool you can:
  • Filter and sort using a variety of parameters, such as CVE or KB number, product type or release date
  • Focus on only on the updates that are important to you
  • Use a new RESTful API to speed up security information acquisition and recording
To get to the Security Update Guide, navigate to https://portal.msrc.microsoft.com/en-us/. You’ll go first to a landing page. There are some useful links on this page that you will want to check out. For example:
Click the Go to Security Update Guide button as seen in the figure below. You’ll need to accept the license agreement to use the dashboard, but you don’t have to sign in to use it. However, if you decide to check out what’s on the Developer tab (which we’ll talk about in a little bit), then you’ll need to sign in.



First, Now we’re at the Security Update Guide page. You’ll see something like the figure below. Notice that there are six ways you can filter your list of security updates (and you can combine filters):
  • Date
  • Product category
  • Product
  • Severity
  • Impact

Start with defining your date parameters – start and end date.

For product categories, you can view All Product Categories (which is the default), or click the drop-down list and you’ll see your options in the figure below. This is cool because if you’re not interested in, for example, Microsoft Biztalk Server updates, you don’t have to see them.



You can then scope down on the specific products within the categories you select. In this example, we left the default of All Product Categories, so when we click the drop down for All Products, we see all the Microsoft products. Of course, you can deselect any product you don’t want to see. There are a lot of products, so if you want to limit the number of products that appear in your report, pick the categories you’re specifically interested in first.



You can also filter by update severity. The default is All Severities but you can filter down to the ones you’re interested in – the figure below shows you what you have to choose from.



Similarly, you can choose updates based on impact. Again, the default is All Impacts, but you can customize this too.



If there is an update with a specific CVE or KB number you want to look up, just enter them into the Search on CVE number of KB Article box.



Under the filter options is a list of monthly release notes. Just click the release note you want to see and it will look like the page seen below.





At this point we’ve gone through the filters and seen how to view release notes. After you finish with your filters, you don’t need to click “OK” or anything like that. The list of updates that you’ve filtered for will automatically appear. The figure below shows the first three entries when use the defaults. For these three updates we can see the Date, related KB Article, Product and Platform information.


But wait! There’s more.

The figure below shows options to see more information. Just put a checkmark in the Details, Severity or Impact checkboxes. The report will automatically show the new information in additional columns.



You can filter the report even more using the text filter option, as seen in the figure below.

Finally, remember what we were talking about earlier – we don’t want to do screen-scraping like we used to, we want to get this information in a way that’s easier to manipulate. One way to do that is to download an Excel spreadsheet (.csv file) with all the information that appears in the online report.

Just click Download.





And for our dev friends, you can take advantage of the Microsoft Security Updates API to get Microsoft Security Update information. Just click DEVELOPER.



The Security Update Guide development API can be used to create a report in CVRF format. To use this API, click the DEVELOPER tab, and log into TechNet when prompted. From this tab, you can see code samples in a variety of scripting languages.



We’ve also posted some code samples in the Microsoft Security Updates API project on GitHub. Try them out, or contribute to the project if you have a script you would like to share with the community.



While security update bulletins made sense for a long time, today we need a more flexible and easily consumed publication model. We think these changes will reduce the effort of keeping up with security updates and integrating them into your update tracking systems.

Enjoy!

Tom


Source: Security Update Guide ushers in a new era of Microsoft updates

See also: Security Update Guide


My System SpecsSystem Spec
.
28 Mar 2017   #2
ThrashZone

Win-7-Pro64bit 7-H-Prem-64bit
 
 

Hi,
I believe this might be your longest quote
My System SpecsSystem Spec
28 Mar 2017   #3
Brink

64-bit Windows 10 Pro
 
 

My System SpecsSystem Spec
.

28 Mar 2017   #4
ThrashZone

Win-7-Pro64bit 7-H-Prem-64bit
 
 

Hi,
Your dedication is extraordinary
My System SpecsSystem Spec
28 Mar 2017   #5
Melchior

Windows 7 Ultimate SP1 x64 (v6.1.7601.23537)
 
 

lol nice post I will keep an eye on it.. UPDATES!! ^_^
My System SpecsSystem Spec
Reply

 Security Update Guide ushers in a new era of Microsoft updates




Thread Tools




Similar help and support threads
Thread Forum
What Are All These Microsoft Security Essential Updates?
I've used Microsoft Security Essentials (MSE) for years. It normally updates itself regularly however within the past 30 days it seems to update itself between 4 to 9 times daily. What's going on with this new update behavior? When I open Update History it shows a slew (up to 9 separate ones)...
Windows Updates & Activation
Are Microsoft Security Updates Really Necessary?
Some users of windows 7 claim that microsoft security updates are not necessary. They claim that their computer runs faster without them. Are there members of this forum that ignore the updates without problems?
Windows Updates & Activation
Update error 8007005 with microsoft security essentials update
Today it was an attempt to update Microsoft Security Essentials. Error code 80070005. Aaaaarrrggghhh
Windows Updates & Activation
Microsoft Office, security updates?
We have Microsoft Office 2007 installed. InfoPath, Powerpoint, Publisher, Word. Are we vulnerable to security holes in, for example, Excel? Should we install all Microsoft Office security updates?
Microsoft Office


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 02:33.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App