Microsoft Security Update Guide & its impact on Radia Patch management
Microsoft has recently announced a change in the way it documents security updates. Earlier Microsoft used security bulletin webpages and included security bulletin ID numbers (e.g. MS16-XXX) as a pivot point. This form of security update documentation, including bulletin ID numbers, is being retired after the January 10, 2017 security update release. The new way of documenting security updates is the Security Update Guide and as per this model, instead of bulletin IDs, this guide pivots on vulnerability ID numbers and KB Article ID numbers. The blog post in which this was announced in November 2016 says that this change would become effective from February 2017 Patch Tuesday onwards.
Microsoft has released a preview of Security Update Guide, the single destination for security vulnerability information. Instead of publishing bulletins to describe related vulnerabilities, the new portal lets customers view and search security vulnerability information in a single online database. Microsoft has released a new RESTful API to programmatically obtain Microsoft security update information as well. This API eliminates the need to employ outdated methods like HTML screen scraping of security bulletin web pages to assemble working databases of necessary and actionable information.
This advisory is for Radia customers to know the impact of the retirement of security bulletin webpages and bulletin ID numbers and the introduction of Security Update Guide.
Microsoft has confirmed that WSUSSCN2.cab, which allows for offline scanning, will not change at least for the foreseeable future and without any advanced notification.
Based on the confirmation from Microsoft, the only difference we envisage is that the administrators will be required to feed KB article numbers instead of Bulletin numbers while creating the acquisition jobs. Once done, the acquisition, discover and finalize will work seamlessly on the Windows end points across all the supported versions of Radia as before.
Radia team is in close communication with Microsoft on the technical details of Security Update Guide and we will ensure that Radia customers are able to maintain the business continuity through this change. We will update this forum if we hear subsequently from Microsoft on this.
If you have any questions, kindly write your query as an email at support@accelerite.com
Comments