Microsoft myBulletins Service Customizes Patch Details

Microsoft’s new myBulletins service is a dashboard view of Microsoft products in their environment and any related security bulletins and updates. Some are critical of its lack of security advisories and lack of notifications.

Microsoft today released its new myBulletins service, an interface where IT administrators can customize security patch update information.

While providing users with a slick GUI that allows for extensive filtering of patch information by the products in use inside an enterprise or small company, some users were left hollow.

“For me it was missing the two most important things: notifications and security advisories,” said Andrew Storms, director of DevOps for CloudPassage.

Security advisories differ from the roundup of monthly security bulletins that accompany Patch Tuesday security updates; advisories can warn users of zero-day vulnerabilities in Windows, Internet Explorer or other Microsoft software products. Other recent advisories provide administrators with a heads up regarding changes in how Microsoft handles older encryption algorithms such as RC4 or the deprecation of older hashes such as MD5.

Microsoft said myBulletins was built based on user feedback and enables administrators to personalize bulletins that matter most to their companies. Users need only log in using a Microsoft account and select the products and versions in use in their IT shops in order to get a display of the bulletins that apply to those products.

“You shared that you needed the ability to cut through complexity and make decisions quickly,” wrote Tracey Pretorius, director, Microsoft Trustworthy Computing. :You wanted help identifying the information that is most relevant to your organization. We heard you and acted on your feedback.”

Users have a number of search and filtering options, Microsoft said, and can prioritize bulletins by release date, severity and reboot requirements.

Many of those same options, however, are available in Windows Server Update Services (WSUS). Most organizations running a large number of Windows desktops and servers use WSUS to manage patch distribution.

“It’s not clear why I would use it over WSUS,” Storms said. “Plus WSUS provides me actionable [intelligence] on what systems need what patches. WSUS lets you select what products to subscribe to. It pulls patches, distributes them and tells you what systems need updates.”

“myBulletins is intended for IT professionals who are responsible for ongoing security specific update management within their organizations,” Pretorius said. “We believe it is a useful online service for administrators in enterprise or small and medium sized business environments. This is the debut version of the online service and we welcome and appreciate feedback on how to make this service even better moving forward.”

The lack of notifications is bothersome because users would have to load the myBulletins dashboard in order to learn if new security bulletins are available.

“Granted myBulletins is a slick search interface. It’s hard to see why it would be useful if you already are using WSUS which is free,” Storms said.

This article was updated at 5 p.m. ET with additional comments from Microsoft.

Suggested articles

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.