Microsoft announced a while ago that it plans to do away with the two-decade old security bulletin release scheme, and switch over to the Security Update Guide service instead for update information.
Planned for February 2017 initially, the change was postponed. We don’t know why, but the postponing of security update releases for Windows and other Microsoft products in February may have had something to do with it.
In March 2017, Microsoft released security bulletins as if the previous announcement never happened. Coincidentally, we don’t know why Microsoft postponed the February Patch day, the company never stated why.
Security Update Guide issues
The Security Update Guide will be the place to go for security update information in the future. There is little doubt that Microsoft will still go ahead with the planned change.
If you open the Security Update Guide right now, you will notice that it is already live. It lists release notes for February and March, and security updates that date back to mid-February 2017.
The site looks fine on first glance. You can filter the listing by date, product, severity, impact, or KB ID for instance, and also search in the results again.
If you look closely however, you will notice that Microsoft does not list all security updates there for a given operating system or product.
Take the recently released security update for Microsoft Internet Explorer, KB4012204 for instance. The bulletin lists KB4012204 for Internet Explorer 9, 10 and 11.
If you check the Security Update Guide, you will notice that Internet Explorer 10 and 11 are not listed there. If you search for the KB ID, you only get the listing for Internet Explorer 9 (which means Vista and Server 2008).
If you download security updates manually, you may miss out on this important Internet Explorer update as it is not included in the monthly security only update release for Windows 7, 8.1, 10, and the server versions.
As Woody notes, the Internet Explorer update is also not listed on the cumulative update history page for Windows 7 and Windows Server 2008 R2, nor for Windows 8.1 and Windows Server 2012, 2012R2.
The question is, how do you know about future updates that are released that are not mentioned by Microsoft in key locations?
This is not a problem for systems that are updated through Windows Update. The Internet Explorer patch is delivered along with other security updates in this case.
If you happen to install updates manually for Windows however, you may miss out on pages due to oversights by Microsoft.
In case you are wondering, the updates are listed on the Microsoft Update Catalog. The information that you need to install 4012204 is also listed on the KB4012213 KB4012212 KB4012215 KB4012216 pages of the security only quality update release.
Still, the fact that the information is missing on the Security Update Guide listing is a blunder by Microsoft that the company should address quickly. If it is intended to be your one-stop shop for all things security updates, it has to list them all.
Now You: How would you like Microsoft to handle update information?