13 September 18, 15:35
Microsoft published two security-related documents recently that describe how the company determines the severity level of vulnerabilities and how it decides when to release the updates.
The first document, Microsoft Vulnerability Severity Classification for Windows, lists information that Microsoft's Security Response Center uses to classify the severity of security issues disclosed to the company or found by company employees.
Microsoft distinguishes between server and client systems, and classifies vulnerabilities accordingly.
Certain vulnerability or attack characteristics may lead to higher or lower severity ratings.
Full reading: https://www.ghacks.net/2018/09/11/micros...rity-bugs/
The first document, Microsoft Vulnerability Severity Classification for Windows, lists information that Microsoft's Security Response Center uses to classify the severity of security issues disclosed to the company or found by company employees.
Microsoft distinguishes between server and client systems, and classifies vulnerabilities accordingly.
Certain vulnerability or attack characteristics may lead to higher or lower severity ratings.
Full reading: https://www.ghacks.net/2018/09/11/micros...rity-bugs/