ID: IRCNE2014052205
Date: 2014-05-31
According to “ZDNet”, Fighting the long battle to get users to apply software updates promptly, Microsoft has launched a new service for individuals and smaller organizations that may help.
myBulletins is a page on Microsoft's Technet site for IT professionals that holds a list of security bulletins which apply to products the user has selected. The page includes all the essentials of each security bulletin: the date posted, ID, product name, impact (type of vulnerability, e.g. information disclosure, remote code execution, etc.), severity level and whether the update requires a reboot.
The information on severity and reboots have long been included in bulletins, even in the Patch Tuesday advance notification, to help large organizations prioritize updates and plan for downtime from them.
Microsoft says that myBulletins "...is a very useful online service for administrators in enterprise or small and medium sized business environments." But in a larger organization, any with a Windows domain at least, Microsoft's WSUS (Windows Server Update Services) or a third party patch management system would do all of what myBulletins does and much more.
myBulletins only knows what the user tells it; it detects nothing from the user's systems and provides no way to keep track of which updates have been applied. The user can download the contents of the bulletin list to an Excel spreadsheet and perform some management functions there. The downloaded spreadsheet includes much more information than the myBulletins page, including Knowledge Base article links, CVE numbers (vulnerability identifiers), and whether any earlier bulletins were superceded by this new one.
We were surprised to see many products on the list from which users could choose which haven't been supported for many years, among them Office XP, Internet Explorer 5 and SQL Server 2000.
- 3