Current Microsoft Security Bulletin Naming Convention As Of April 11th, 2017

Version 21

    Overview

     

    Starting with the April 11th 2017 Patch Tuesday, no longer has used a traditional naming format for Security Bulletins. To help our customer's, we created our own naming format as follows:

     

    The new Security Bulletin mappings our products will be using: MS[YY]-[MM]-[PP(P)]

     

    • MS = Microsoft
    • YY = Year
    • MM = Month Released
    • PP =  Product

     

    Here are examples from Patch Tuesday December 12, 2017:

     

    • MS17-12-OFF
      • All Office patches
    • MS17-11-O365
      • Security Only Updates for Office 365
    • MS17-12-IE
      • All IE patches
    • MS17-12-AFP
      • All Microsoft released Flash patches
    • MS17-12-W10
      • All Windows 10 patches, rollups and Deltas
    • MS17-12-2K8
      • All Vista and 2008 patches
    • MS17-12-SO7
      • Security Only Update for Windows 7 and Server 2008 R2
    • MS17-12-SO8
      • Security Only Update for Server 2012
    • MS17-12-SO81
      • Security Only Update for Windows 8.1 and Server 2012 R2
    • MS17-12-MR7
      • Monthly Rollup for Windows 7 and Server 2008 R2 (this is the rollup that includes non-security fixes)
    • MS17-12-MR8
      • Monthly Rollup for Server 2012 (this is the rollup that includes non-security fixes)
    • MS17-12-MR81
      • Monthly Rollup for Windows 8.1 and Server 2012 R2 (this is the rollup that includes non-security fixes)
    • MS17-12-SLV
      • All Microsoft Silverlight patches
    • MS17-12-2K3
      • All Server 2003 patches for the customers that subscribe to them (Extended support)
    • MS17-12-XPE
      • All Microsoft XP Embedded patches

     

    .NET Patches will follow a slightly different naming scheme:

     

    • MS[YY]-[MM]-[TT][PP]-[KB]
      • YY = Year
      • MM = Month
      • TT = Type (Security Only or Monthly Rollup)
      • PP = Product (.NET)
      • KB = Parent KB
    • MS17-12-SONET-1234567
      • Security only patches associated with that parent KB
      • Security patch type
    • MS17-12-MRNET-1234567
      • Monthly Rollup associated with that parent KB
      • Non-Security patch type

     

    Non-security .NET Patches also have a slightly different naming scheme:

     

    • MSNS[YY]-[MM]-[TT][PP]-[KB]
      • YY = Year
      • MM = Month
      • TT = Type (Quality Preview or Quality Rollup)
      • PP = Product (.NET)
      • KB = Parent KB
    • MSNS17-12-QPNET-1234567
      • Quality Preview patches associated with that parent KB
      • Non-Security patch type
    • MSNS17-12-QRNET-1234567
      • Quality Rollup associated with that parent KB
      • Non-Security patch type

     

    Additional Information

     

    Additional Naming Conventions

    • QP = Quality Preview
    • NS = Non-Security

     

    Microsoft released the following article for FAQ on the changes made: Security Updates Guide dashboard and API:

     

    Q: Why is the security bulletin ID number (e.g. MS16-XXX) not included in the new Security Update Guide?

    A: The way Microsoft documents security updates is changing. The previous model used security bulletin webpages and included security bulletin ID numbers (e.g. MS16-XXX) as a pivot point. This form of security update documentation, including bulletin ID numbers, is being retired and replaced with the Security Update Guide. Instead of bulletin IDs, the new guide pivots on vulnerability ID numbers and KB Article ID numbers.

     

     

    Affected Product(s)

     

    Shavlik Protect

    Shavlik Patch

    Ivanti Patch for Windows Servers

    Ivanti Patch for SCCM