Security Updates Guide dashboard and API:
Frequently Asked Questions

A note on terminology: throughout the FAQ, the terms “security bulletin” or “bulletin” refer to the security bulletin webpages that Microsoft has published for the past 12 years, such as Microsoft Security Bulletin MS16-142 – Cumulative Security Update for Internet Explorer.

Q: Why is the security bulletin ID number (e.g. MS16-XXX) not included in the new Security Updates Guide?

A: The way Microsoft documents security updates is changing. The previous model used security bulletin webpages and included security bulletin ID numbers (e.g. MS16-XXX) as a pivot point. This form of security update documentation, including bulletin ID numbers, is being retired after the January 10, 2017 security update release. The new model for documenting security updates is the Security Updates Guide. Instead of bulletin IDs, the new guide pivots on vulnerability ID numbers and KB Article ID numbers.

Q: I have update processes built around the traditional security bulletin model. How soon will the Security Updates Guide replace traditional security bulletins?

A: Microsoft will continue publishing traditional security bulletins as individual webpages through January 10, 2017. After January 10, 2017, security update information will only be published in the Security Updates Guide.

Q: Will the previously published security bulletin webpages remain available?

A: Yes. Previously published traditional security bulletin webpages will remain online in their current location.

Q: Microsoft currently groups related security updates in the form of the traditional security bulletin webpages. I use these groupings to communicate security updates to my various patch deployment teams. Using the new Security Updates Guide dashboard model, how can I group related updates?

A: In the Security Updates Guide, you can group related updates by combining the date filter with the Product Category filter. You can then download the results to CSV.

Q: I currently use the monthly security bulletin summary webpage (e.g. Microsoft Security Bulletin Summary for November 2016). Will these security release summary webpages continue to be available after January 10, 2016, or will something similar be offered in the new Security Updates Guide?

A: The monthly security release summary webpages will not be published monthly after January 10, 2017. However, there is a Monthly Summary Page in the Security Update Guide here: https://portal.msrc.microsoft.com/en-us/security-guidance/summary

Q: Will the Security Updates Guide be released in languages other than English?

A: Yes. Microsoft will publish security update release details in the Security Updates Guide in the same languages as are currently supported with traditional security bulletin webpages after January 2017.

Q: Where can I learn more about the API for the Security Updates Guide, and how to use it?

A: The API is documented (including code snippets) on the Developer tab of the Security Updates Guide.

Q: How will the publication of traditional security advisory webpages (e.g. Microsoft Security Advisory 3181759 - Vulnerabilities in ASP.NET Core View Components Could Allow Elevation of Privilege) be affected by this transition to the new Security Updates Guide?

A: Microsoft will continue publishing security advisories using the current publication model.

Q: Will Microsoft continue to publish acknowledgements of the researchers who reported a vulnerability?

A: Yes. You can find acknowledgements in the CVE Detail sections of the Security Updates Guide. You can also see a list of all Acknowledgements here: https://portal.msrc.microsoft.com/en-us/security-guidance/acknowledgments

Q: What will happen to security bulletin ID numbers?

A: Microsoft will no longer use bulletin ID numbers for documenting new security updates after January 10, 2017. Bulletin ID numbers and bulletin webpages for security updates released before February 14, 2017 will be maintained.

Q: Will newly released updates, or revisions in the Security Updates Guide, trigger a notification in the same way that a security bulletin revision triggers a notification to customers today (via Microsoft Technical Security Notifications)?

A: The functionality to sign up to receive notifications when new data is added to the Security Updates Guide or when there are revisions to existing data already in the Security Updates Guide will be added to the portal.

Q: Will Microsoft continue to provide notification for out-of-band security update releases?

A: Yes.

Q: I am using Microsoft Patch management software such as WSUS or SCCM. How will those tools be affected by security bulletin deprecation?

A: Microsoft Patch Management tools will be updated as needed to ensure that these tools will continue to work correctly with the new Security Updates Guide.

Q: I am using 3rd party management tools. Will there be any impact on those products?

A: We are working with companies that provide management tools to adjust their products to work with the new Security Updates Guide. Microsoft cannot guarantee that all third-party software will work in the future.

Q: Will all the details we see currently on security bulletin webpages also be supported in the new Security Updates Guide?

A: Yes. Most information is already present. By February, information provided in the new Security Updates Guide will be on par with the set of details available in traditional security bulletin webpages.

Q: Will there be any change to the bulletin data spreadsheet?

A: The historical bulletin search spreadsheets will continue to be available on TechNet. With the new Security Updates Guide, you can create similar spreadsheets that relate individual CVEs to affected software. The columns relevant to bulletins specifically will be removed.

Q: Will there be any change to the My Bulletin portal (http://mybulletins.technet.microsoft.com/)?

A: Yes. The MyBulletins webpage will no longer be supported after January Update Tuesday.

Q: Can I save my filter condition?

A: The preview version of the Portal will automatically save the search settings that you last used.

Q: Are there any prerequisites for using the API?

A: To use the API you must first log into TechNet with a Microsoft Live ID. The first time that you use the API you must create a key. It will be saved for subsequent uses.

Q: Do I need to be logged into my Microsoft account to use the Security Updates Guide dashboard and API?

A: The Security Updates Guide dashboard is available without logging into TechNet. If you click the Developer tab to access the API, you’ll be prompted to log in to your Microsoft account.

Q: I have suggestions for how to improve the portal. Where should I send them?

A: Thanks! You can send suggestions to portalfback@microsoft.com.