Microsoft Security Bulletin naming convention change April 11th, 2017

Version 9

    Overview

     

    Starting with the April 11th 2017 Patch Tuesday, Microsoft will no longer be using a traditional naming format for Security Bulletins.

     

    The new Security Bulletin mappings our products will be using: MS[YY]-[MM]-[PP(P)]

     

    • MS = Microsoft
    • YY = Year
    • MM = Month Released
    • PP =  Product

     

    Here are examples from Patch Tuesday May 9th, 2017:

     

    • MS17-05-OFF
      • All office patches
    • MS17-05-IE
      • All IE patches
    • MS17-05-AFP
      • All Microsoft released Flash patches
    • MS17-05-W10
      • All Windows 10 patches, rollups and Deltas
    • MS17-05-2K8
      • All Vista and 2008 patches
    • MS17-05-SO7
      • Security Only Update for Windows 7 and Server 2008 R2
    • MS17-05-SO8
      • Security Only Update for Server 2012
    • MS17-05-SO81
      • Security Only Update for Windows 8.1 and Server 2012 R2
    • MS17-05-MR7
      • Monthly Rollup for Windows 7 and Server 2008 R2 (this is the rollup that includes non-security fixes)
    • MS17-05-MR8
      • Monthly Rollup for Server 2012 (this is the rollup that includes non-security fixes)
    • MS17-05-MR81
      • Monthly Rollup for Windows 8.1 and Server 2012 R2 (this is the rollup that includes non-security fixes)
    • MS17-05-SLV
      • All Microsoft Silverlight patches
    • MS17-05-2K3
      • All Server 2003 patches for the customers that subscribe to them (Extended support)
    • MS17-05-XPE
      • All Microsoft XP Embedded patches

     

    .NET Patches will follow a slightly different naming scheme:

     

    • MS[YY]-[MM]-[TT][PP]-[KB]
      • YY = Year
      • MM = Month
      • TT = Type (Security Only or Monthly Rollup)
      • PP = Product (.NET)
      • KB = Parent KB
    • MS17-05-SONET-1234567
      • Security only patches associated with that parent KB
      • Security patch type
    • MS17-05-MRNET-1234567
      • Monthly Rollup associated with that parent KB
      • Non-Security patch type

     

    Additional Information

     

     

    Q: Why is the security bulletin ID number (e.g. MS16-XXX) not included in the new Security Update Guide?

    A: The way Microsoft documents security updates is changing. The previous model used security bulletin webpages and included security bulletin ID numbers (e.g. MS16-XXX) as a pivot point. This form of security update documentation, including bulletin ID numbers, is being retired and replaced with the Security Update Guide. Instead of bulletin IDs, the new guide pivots on vulnerability ID numbers and KB Article ID numbers.

     

     

    Affected Product(s)

     

    Shavlik Protect

    Shavlik Patch

    Ivanti Patch for Windows Servers

    Ivanti Patch for SCCM