The Security Update Guide has been in public preview since November 2016. This month marked our first release when security update information was published entirely in the new format. Over the last few months, customers and partners have provided a lot of feedback on the direction and implementation of the Security Update Guide. As we completed Preview this month, we want to let you know that we are continuing to listen to your feedback, and are working to enhance your experience. So—thank you!
Here are some highlights of what we are rolling out this month:
- Fixed a few bugs in translations and data population
- Improved the experience of using advisories, such as adding unique identifiers
- Restored the links to the MITRE site for CVE details
Today, you can consume Security Update Guide data in two ways: via the API with the industry-standard CVRF feed, and through the dashboard. The CVRF feed is meant to help IT professionals quickly consume the entire release through a machine-readable format, and is also accessible via our MSRCGetSecurityUpdates PowerShell module. The dashboard is for those who would like to visually explore security releases based on date ranges, platforms, severity, and impact – and optionally download the results to an Excel file – or to search for updates associated with a specific CVE or KB identifier.
We remain committed to ensuring transparency with our releases and providing tools to enable a more personal computing experience. If you have questions about the change, or how to accomplish certain tasks, we have a FAQ, as well as a TechNet support forum for the Security Update Guide. If you have questions about how to use the Security Update Guide or a suggestion to improve it, please post to the forum or (even better) upvote someone else’s suggestion if you also like it. We are listening.
Simon Pope Security Group Manager, Microsoft Security Response Center