No more MS security bulletins

Story he

https://it.slashdot.org/story/17/04/...rity-bulletins

Microsoft is no longer issuing public, numbered
explanations of bug. In the future the details of
bugs such as the recent MS word attack may need
to be researched via 3rd-party sites. (Which was
the case with the Word bug, anyway, because
MS hadn't officially recognized it when news came
out.)

The alternative is to use a new private system.
The new system is a searchable database but
requires javascript in the browser, becoming a member,
logging in to microsoftonline.com, and being tracked
by numerous entities such as omniture and webtrends.

https://portal.msrc.microsoft.com/en...urity-guidance

On Thu, 13 Apr 2017 09:20:28 -0400, in alt.comp.os.windows-10, Mayayana
wrote:

Story he

https://it.slashdot.org/story/17/04/...rity-bulletins

Microsoft is no longer issuing public, numbered
explanations of bug. In the future the details of
bugs such as the recent MS word attack may need
to be researched via 3rd-party sites. (Which was
the case with the Word bug, anyway, because
MS hadn't officially recognized it when news came
out.)

The alternative is to use a new private system.
The new system is a searchable database but
requires javascript in the browser, becoming a member,
logging in to microsoftonline.com, and being tracked
by numerous entities such as omniture and webtrends.

https://portal.msrc.microsoft.com/en...urity-guidance

I get a weekly update from US-CERT. Homeland Security releases all the
bugs Microsoft patches on a given Patch Tuesday the next Monday (The
release day for the weekly bulletin is Monday).

https://public.govdelivery.com/accou...subscriber/new

Go ahead and sign up. Microsoft's newsleter is redundant. There was never
a good reason to know ahead of the patch every bug that is out there. In
fact, if it gave too much detail, it would give black-hats a place to
look for a vulnerability.

CERT is quite comprehensive in its descriptions.

OTOH, the patches still have KB numbers and Knowledge Base articles, but
these contain a minimal description of what's actually patched. I'd like
to see MS improve the KB articles.

Here's the KB article for the latest rollup for v1703 Creators Update:

https://support.microsoft.com/en-us/...date-kb4015583

You can easily find the KB #s in Windows Update history.

--
Zag

No one ever said on their deathbed, 'Gee, I wish I had
spent more time alone with my computer.' ~Dan(i) Bunten

Mayayana wrote:

Story he

https://it.slashdot.org/story/17/04/...rity-bulletins

Slashdot never has the actual story. They only provide a synopsis (aka
"news about news") and a link to the actual article, which is over at:

http://www.computerworld.com/article...ral-stays.html
(short URL: http://tinyurl.com/kd3jbkp)

Microsoft is no longer issuing public, numbered explanations of bug.
In the future the details of bugs such as the recent MS word attack
may need to be researched via 3rd-party sites. (Which was the case
with the Word bug, anyway, because MS hadn't officially recognized it
when news came out.)

So they're bringing the Windows 7 updates (obviously an OS they
discontinued support) in line with their vague updates for Windows 10.
Yeah, I expected to see that. Why would they still do it for Windows 7
if they're not doing it for Windows 10? Microsoft has been decreasing
their documentation on updates for quite awhile now. It has been
noticeable for over a year that details are often missing and
increasingly so. Used to be you could review each update, get details,
and determine if they applied to your setup (who the fart needs Skype
updates that doesn't have Skype installed) or determine if you wanted
them (do you want Microsoft to spy on you better, er, their telemetry
updates?). The details were linked to the update and there were links
in those articles to others to give you more info about the update.

The alternative is to use a new private system. The new system is a
searchable database but requires javascript in the browser, becoming
a member, logging in to microsoftonline.com, and being tracked by
numerous entities such as omniture and webtrends.

https://portal.msrc.microsoft.com/en...urity-guidance

Where did you have to register to become a member? Where did you have
to login? I'm not a member, did not have to login, but I could still
look at the articles and even refine the search by product, version, etc
(and why Javascript is required because it is an dynamic web page
designed for user interaction, not just for following a bunch of HTML
hyperlinks ad nauseum).

I use uMatrix (and uBlock Origin) in Firefox. They show no connections
or links to Omniture and Webtrends. However, maybe that requires
navigating to a different web page then where I landed.

"VanguardLH" wrote

| https://portal.msrc.microsoft.com/en...urity-guidance
|
| Where did you have to register to become a member? Where did you have
| to login?

I didn't and wouldn't become a member. Maybe the
script was the problem. The link above forwarded
me to login.microsoftonline.com, so I assumed one
needed to be a microsoftonline member. Maybe they
already know you or perhaps you have a cookie they
liked.

On 13/4/2017 6:20 AM, Mayayana wrote:
Microsoft is no longer issuing public, numbered
explanations of bug. In the future the details of
bugs such as the recent MS word attack may need
to be researched via 3rd-party sites. (Which was
the case with the Word bug, anyway, because
MS hadn't officially recognized it when news came
out.)

Not very interesting...