Advertisement
Microsoft recently changed how it presents and explains its security vulnerabilities in its products. The new security guide aligns itself with security and industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System (CVSS), which presents a vulnerability’s key characteristics and assigns a numerical score to its severity. The intent of that score is to help organizations better assess a vulnerability’s risk and respond appropriately. Microsoft scores every vulnerability (except for those that it automatically patches, such as with Microsoft Edge) and displays the details that make up that score in a new version of its Security Update Guide.