Security News > 2022 > October > Microsoft adds new RSS feed for security update notifications
Microsoft has now made it possible to receive notifications about new security updates through a new RSS feed for the Security Update Guide.
Typically, Microsoft discloses new vulnerabilities twice a month, the bulk being the monthly Patch Tuesday and when Microsoft fixes vulnerabilities in Microsoft Edge.
If a new vulnerability is publicly disclosed before Microsoft can fix it and Microsoft believes it is important for customers to be aware, they will add new entries to SUG when releasing out-of-band advisories.
Last month, Microsoft added two new Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082 to the SUG. While these bugs have not received any security updates yet, Microsoft did release mitigations that can help protect Internet-exposed servers, illustrating the need to stay aware of new security issues.
Due to this, many customers have requested Microsoft add an RSS feed to the Security Update Guide so they can get immediate notifications when a new CVE is added.
"With regards to the RSS feed, we have received feedback from some of our customers that an RSS feed on the Security Update Guide would be greatly appreciated," Microsoft said in today's announcement.
News URL
Related news
- Microsoft Is Disabling Default ActiveX Controls in Office 2024 to Improve Security (source)
- Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes (source)
- Microsoft overhauls security for publishing Edge extensions (source)
- Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- Microsoft warns it lost some customer's security logs for a month (source)
- Microsoft lost some customers’ cloud security logs (source)
- Microsoft Entra "security defaults" to make MFA setup mandatory (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-03 | CVE-2022-41082 | Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 8.0 |
2022-10-03 | CVE-2022-41040 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Elevation of Privilege Vulnerability | 8.8 |