Thursday, May 05, 2011

Exploitability Index Changes and May Security Bulletin Advance Notice


A welcome change after the huge update in April, on Tuesday, May 10, Microsoft is scheduled to release two security bulletins.  The first addresses a critical vulnerability in Windows.  The second, identified as Important, addresses two vulnerabilities in Microsoft Office.  Both bulletins relate to remote code execution.

As explained in Exploitability Index Improvements Now Offer Additional Guidance:
"As of this month, we will split out the Exploitability Index into a rating for the most recent version of the software, and an aggregate rating for all older versions. In the scenario above, the rating for Windows 7 could be “2" whereas the rating for all other platforms would be "1”. This more accurately reflects risk to customers that keep their environment updated with the latest product releases."
An additional feature to the Exploitability Index will be an assessment of the Denial of Service risk.  Complete details are available in the above-referenced article.


References:



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


No comments: