"The change did nothing to make our lives easier and made it much more difficult to determine our internal severity based on the attack methods," added J_DDS on the same thread. "I'm all for a searchable database but don't trash the system that worked perfectly in the past."
Microsoft's stock response in the support threads was penned by Chris Wojahn, a senior escalation engineer in the support group. "We understand the concern about the changes made to ... the Security Update Guide replacing the numerous KBs [knowledge base documents] of the past," Wojahn wrote. "The change is to align with the move from individual updates to the cumulative update process."
Wojahn's explanation for the change was contrary to what Microsoft last year claimed had prompted the decision. "Our customers have asked for better access to update information, as well as easier ways to customize their view to serve a diverse set of needs," the Microsoft Security Response Center stated in November when it announced the latest switch.
Microsoft never linked the death of bulletins to its earlier decision to eliminate individual patches and in their stead, provide only cumulative security updates for all versions of Windows. Instead, its vague rationale only mystified customers. "They were all scratching their heads, wondering why Microsoft made it harder to find stuff," said Chris Goettl, product manager with patch management vendor Ivanti, of users who attended an April 12 webinar on the month's patches.
The lack of communication was something another critic focused on in comments to the support forum. "Honestly I know you've communicated random fragments of this ... change across random Microsoft blogs, but Microsoft should have done a better job in making it a bit clearer," said chicaneUK. "I don't understand how this is an improvement of the process, nor how it is saving us time or making things easier."
Microsoft has also posted a FAQ that covers the SUG portal and its dashboard.
Sign up for CIO Asia eNewsletters.