Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Microsoft Launches Security Bulletin Customization Service

Microsoft has launched a new online service designed to provide IT professionals a list of the security bulletins relevant for the products used by their organizations.

Microsoft has launched a new online service designed to provide IT professionals a list of the security bulletins relevant for the products used by their organizations.

Because many cyberattacks rely on unpatched vulnerabilities, it’s important that organizations always keep their software up to date. With Microsoft releasing security updates for several products each month, it is often hard to determine which of them are relevant.

With the launch of myBulletins, the Redmond, Washington-based software giant hopes to address this issue with the release of the customization service. To use the service, users must visit the myBulletins website, log in to their Microsoft account, and build their profile by selecting the products and versions installed on their systems. The online tool then provides a list of security updates through a personalized dashboard.

To make the patch-applying process even easier, myBulletins provides advanced search and filtering options. In order to help IT teams make quick decisions and efficiently apply patches, the deployment of security bulletins is prioritized based on release date, severity, and reboot requirements.

The list of security bulletins is dynamic and the dashboard it’s displayed in can easily be edited. For reporting purposes, the list can be exported to Microsoft Excel.

“myBulletins is our way to deliver on the promise to make applying security updates as seamless as possible,” Tracey Pretorius, director at Microsoft Trustworthy Computing, wrote in a blog post.

The new service has some good features, but it doesn’t help administrators with all aspects of patch management, explained Sergio Galindo, general manager of the infrastructure business unit at GFI Software.

“In short, the myBulletins service is a great idea and it has some good features, such as its filtering capabilities, but it lacks in the notifications area, i.e. users need to log into the console as there are no notifications,” Galindo told SecurityWeek.

“As the number of consoles that an IT administrator needs to log into grows, adding one more is not going to win any kudos from the community. While myBulletins allows you to narrow the focus of the alerts, IT administrators are still left with the ‘Now what do I do’,” Galindo added. 

“myBulletins is a way to narrow some of the Microsoft bulletins, but with the number of third party applications in use, it is best that IT administrators have the tools to get all their bulletins and patches in one place, as opposed to having to shift between multiple sources and different dashboards.”

The online service has been developed based on feedback from IT professionals, and Microsoft urges users to help the company improve the project by sharing their thoughts.   

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.