Q: Why is the security bulletin ID number (e.g. MS16-XXX) not included in the new Security Updates Guide?
A: The way Microsoft documents security updates is changing. The previous model used security bulletin webpages and included security bulletin ID numbers (e.g. MS16-XXX) as a pivot point. This form of security update documentation, including bulletin ID numbers, is being retired after the January 10, 2017 security update release. The new model for documenting security updates is the Security Updates Guide. Instead of bulletin IDs, the new guide pivots on vulnerability ID numbers and KB Article ID numbers.
Q: I have update processes built around the traditional security bulletin model. How soon will the Security Updates Guide replace traditional security bulletins?
A: Microsoft will continue publishing traditional security bulletins as individual webpages through January 10, 2017. After January 10, 2017, security update information will only be published in the Security Updates Guide.
Q: Will the previously published security bulletin webpages remain available?
A: Yes. Previously published traditional security bulletin webpages will remain online in their current location.
Q: Microsoft currently groups related security updates in the form of the traditional security bulletin webpages. I use these groupings to communicate security updates to my various patch deployment teams. Using the new Security Updates Guide dashboard model, how can I group related updates?
A: In the Security Updates Guide, you can group related updates by combining the date filter with Product Category filter. You can then download the results to CSV.
Q: Will the Security Updates Guide be released in languages other than English?
A: Yes. Microsoft will publish security update release details in the Security Updates Guide in the same languages as are currently supported with traditional security bulletin webpages after January 2017.
Q: Where can I learn more about the API for the Security Updates Guide, and how to use it?
A: The API is documented (including code snippets) on the
Developer tab of the Security Updates Guide.
Q: What will happen to security bulletin ID numbers?
A: Microsoft will no longer use bulletin ID numbers for documenting new security updates after January 10, 2017. Bulletin ID numbers and bulletin webpages for security updates released before February 14, 2017 will be maintained.
Q: Will new updates released, or revisions in the Security Updates Guide trigger a notification in the same way that a security bulletin revision triggers a notification to customers today (via Microsoft Technical Security Notifications)?
A: The functionality to sign up to receive notifications when new data is added to the Security Updates Guide or when there are revisions to existing data already in the Security Updates Guide will be added to the portal.
Q: Will Microsoft continue to provide notification for out-of-band security update releases?
Q: I am using Microsoft Patch management software such as WSUS or SCCM. How will those tools be affected by security bulletin deprecation?
A: Microsoft Patch Management tools will be updated as needed to ensure that these tools will continue to work correctly with the new Security Updates Guide.
Q: I am using 3rd party management tools. Will there be any impact on those products?
A: We are working with companies that provide management tools to adjust their products to work with the new Security Updates Guide. Microsoft cannot guarantee that all third-party software will work in the future.
Q: Will all the details we see currently on security bulletin webpages also be supported in the new Security Updates Guide?
A: Yes. Most information is already present. By February, information provided in the new Security Updates Guide will be on par with the set of details available in traditional security bulletin webpages.
Q: Will there be any change to the bulletin data spreadsheet?
A: The historical bulletin search spreadsheets will continue to be available on TechNet. With the new Security Updates Guide, you can create similar spreadsheets that relate individual CVEs to affected software. The columns relevant to bulletins specifically will be removed.
Q: Can I save my filter condition?
A: The preview version of the Portal will automatically save the search settings that you last used.
Q: Are there any prerequisites for using the API?
A: To use the API you must first log into TechNet with a Microsoft Live ID. The first time that you use the API you must create a key. It will be saved for subsequent uses.
Q: Do I need to be logged into my Microsoft account to use the Security Updates Guide dashboard and API?
A: The Security Updates Guide dashboard is available without logging into TechNet. If you click the Developer tab to access the API, you’ll be prompted to log in to your Microsoft account.
Q: I have suggestions for how to improve the portal. Where should I send them?
A: Thanks! You can send suggestions to