Microsoft debuts personalized patch dashboard for IT pros

Web-based myBulletins organizes security updates; gets a 'C' grade from one professional

Microsoft today launched a Web-based security dashboard for IT professionals that displays a customized view of the company's past patches.

Called "myBulletins," the dashboard shows the security updates for user-selected products, including the permutations of Windows, the iterations of Office and the various versions of its server-side software.

myBulletins information
myBulletins displays a small graph that tallies the updates by Microsoft's threat ranking system.

"[myBulletins is] a customizable online service that offers IT professionals a personalized list of the Microsoft security bulletins that matter most to their organization," Tracey Pretorius, a director in the company's Trustworthy Computing group, explained in a Wednesday blog.

The dashboard draws on the list of security bulletins -- the latter is Microsoft's term for its updates -- that Microsoft has long published on its website. In some ways, it replaces that list's search and filtering functions.

To use myBulletins, customers must log in with a Microsoft account, then step through a short wizard to select the product lines, a process that includes drilling down to specific products, like Office 2010, Windows 8.1, or SQL Server 2012.

Bulletins can be sorted by identifier, product, impact, severity and whether a reboot is required. The information can also be downloaded in Excel format for further manipulation.

One security professional was less than impressed.

"If their intent was to create a single customized dashboard of Microsoft security issues affecting my organization, then I'd have to give Microsoft a 'C' grade on this round," said Andrew Storms, director of DevOps at San Francisco-based CloudPassage.

Storms dinged myBulletins for not providing notifications of new bulletins that met his criteria, for not offering direct links to the associated knowledge base articles Microsoft publishes on its support site, and for not including security advisories that outline vulnerabilities that have not yet been patched.

"They can't send me a notification? I have to go and log in to this?" Storms asked. "I suspect they went for the minimum viable product here, but sadly for me, they are missing the two most important features: notifications and advisories."

Most IT personnel have access to similar lists already, Storms noted, through WSUS (Windows Server Update Services), the Microsoft patch management tool that's widely used in businesses. WSUS also shows those updates that have been applied to the organization, something myBulletins is incapable of duplicating, as it doesn't actually scan a PC or group of PCs.

"If I just wanted to see all the security patches affecting my enterprise, then WSUS already provides that," Storms said. "Maybe version 1.5 or later [myBulletins] might become more useful."

myBulletins can be called from Microsoft's site using any browser. The company has also published an FAQ with additional information about the dashboard.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at  @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Join the discussion
Be the first to comment on this article. Our Commenting Policies