Understanding How to Use the Microsoft Security Response Center Exploitability Index: Stakes for customers and users.
Ahead of the November bulletin summary on November 13, 2012, and in connection with the Microsoft Security Bulletin Advance Notification, Connectikpeople wanted to revisit: Understanding How to Use the Microsoft Security Response Center Exploitability Index.
For those who are unfamiliar: ''on the second Tuesday of every
month, the Microsoft Security Response Center (MSRC) releases security
bulletins to notify customers that security updates are available to help
protect against vulnerabilities in Microsoft software. In addition to
notifying customers that security updates are available, Microsoft security
bulletins also serve to provide customers with information about the security
updates that customers can use for their risk assessment, testing and
deployment of security updates, and verification that security updates were
successfully deployed.
Security Bulletins and Severity Rating System
One important piece of
information that the security bulletins provide to help with risk assessment is
the Severity Rating system. The Severity Rating is based on an analysis of
the technical fundamentals of the vulnerability itself and indicates the worst
possible impact if an attacker were always able to successfully levy an attack
against the vulnerability. It is important to keep in mind that the Severity
Rating is focused solely on the technical elements of the vulnerability itself;
the Severity Rating system presents an assessment that assumes that all
vulnerabilities discussed can be successfully exploited all the time: it
doesn’t assess environmental factors such as the overall threat environment or
the level of effort required by an attacker to successfully attack a system. The
Severity Rating system is intended to provide customers with an initial,
baseline assessment of the severity of the vulnerability based on our analysis
of the technical details of the vulnerability. Customers can use this
information to help in their own risk assessment process to prioritize the
testing and deployment of security updates.
In addition to the individual
security bulletins, as part of the regular monthly release, the MSRC also
provides a security bulletin summary that provides an overview of all the
month’s security bulletins. The bulletin summary lists the bulletins' executive
summaries and affected software, providing an overall and comparative view of
the month's release. For an example, see this Microsoft Security Bulletin Summary.'' See the Microsoft Security Bulletins via this link.