Microsoft has now made it possible to receive notifications about new security updates through a new RSS feed for the Security Update Guide.
When Microsoft fixes a security vulnerability in one of its products, they disclose details in the Security Update Guide (SUG).
Typically, Microsoft discloses new vulnerabilities twice a month, the bulk being the monthly Patch Tuesday and when Microsoft fixes vulnerabilities in Microsoft Edge.
However, if a new vulnerability is publicly disclosed before Microsoft can fix it and Microsoft believes it is important for customers to be aware, they will add new entries to SUG when releasing out-of-band advisories.
For example, last month, Microsoft added two new Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082 to the SUG.
While these bugs have not received any security updates yet, Microsoft did release mitigations that can help protect Internet-exposed servers, illustrating the need to stay aware of new security issues.
While email notifications for additions to the Security Update Guide, they require a user to create a Microsoft account to receive them and are not sent immediately.
Due to this, many customers have requested Microsoft add an RSS feed to the Security Update Guide so they can get immediate notifications when a new CVE is added.
“With regards to the RSS feed, we have received feedback from some of our customers that an RSS feed on the Security Update Guide (SUG) would be greatly appreciated,” Microsoft said in today’s announcement.
“A few customers have even asked for it to be the default form of communication. We heard your feedback, and you can now obtain SUG updates by pasting the URL of the RSS feed in any RSS reader.”
The URL for the new RSS feed is now live at https://api.msrc.microsoft.com/update-guide/rss and is also shared in the SUG using an RSS icon, as shown below.
To use the new RSS feed feature, you need to install an RSS Feed reader, whether a desktop application, mobile app, or browser extension.
Once you subscribe to the feed, you will automatically receive notifications when Microsoft adds a new CVE to the Security Update Guide, helping keep you aware of the latest security risks.
Once you subscribe to the feed, you will begin to receive notifications when Microsoft adds a new CVE to the Security Update Guide, helping keep you aware of the latest security risks.