
Microsoft security updates and the Common Vulnerability Reporting Framework

As a part of the Industry Consortium for Advancement of Security on the Internet (ICASI), Microsoft is pleased to present an initial set of monthly security updates – originally released on May 8 – in the consortium’s newly established Common Vulnerability Reporting Framework (CVRF) format, for your examination and feedback. Today, ICASI released version 1.1 of its CVRF – a markup system designed to make security bulletins and advisories machine readable in an industry-standard fashion.

Even though many vendors have followed Microsoft’s lead in providing comprehensive security updates to customers, the formats vendors use vary. CVRF provides the entire industry with a way to share and present data in a coordinated and structured manner.

CVRF is free for anyone to examine and use. The goal is to build a data-markup framework that can be used by anyone publishing or examining security update information on the Internet.

CVRF is a work in progress. For many customers, a machine-readable markup framework for security releases might not be a pressing need. For instance, home-computer users or small businesses may choose to install security updates automatically. However, many business customers spend time manually “copying and pasting” our security bulletin content into their risk management systems, spreadsheets and corporate notification emails as part of their IT security compliance and remediation task list.

For these customers, this machine-readable format may enable more efficiency and automation. Faster and more efficient guidance for these customers means they can more quickly ensure protection, which is always our goal. For those who do not require automation, we will continue to offer our bulletins in the current format.

For those customers looking to automate and streamline their security-management process, or for those who are simply curious to see what happens when vendors from around the industry roll up their sleeves and work to make the update process better, visit the Connect portal to read more about CVRF, and to examine CVRF-formatted bulletins.

Visit https://connect.microsoft.com/ and click SIGN IN in the upper right-hand corner to sign in with your Windows Live ID. Once you are signed in and are looking at the home page, use the invitation code “cvrf-9BK8-6W2T” (without quotes) to join the program, or visit https://connect.microsoft.com/site1098/InvitationUse.aspx?ProgramID=7665&InvitationID=cvrf-9BK8-6W2T directly.

Your feedback will be relayed to the ICASI working group of which Microsoft is a member. Together we’ll continue to make CVRF a truly robust, collaborative standard throughout the Internet ecosystem.

Update: If you would like to find out more information about the CVRF standard, please join the CVRF working group webinar on Tuesday, 30 May at noon EDT. They will provide an overview of CVRF v1.1 and showcase the improvements in this latest revision. You can register at http://register.webcastgroup.com/L4/?wid=0557685978

Mike Reavey

Senior Director, MSRC
