What you need to know about changes to Microsoft’s Security Update Guide


Microsoft recently changed how it presents and explains the security vulnerabilities in its products. The new security guide aligns with security and industry standards by describing each vulnerability with the Common Vulnerability Scoring System (CVSS), which captures a vulnerability’s key characteristics and assigns a numerical score to its severity. The intent of that score is to help organizations assess a vulnerability’s risk and respond appropriately. Microsoft scores every vulnerability (except for those it patches automatically, such as in Microsoft Edge) and displays the details that make up that score in a new version of its Security Update Guide.

What’s in the new Security Update Guide

Each vulnerability bulletin in the Security Update Guide starts by explaining the base score metrics. This section explains the initial attack vector, which indicates where an attack can originate: local, adjacent network, physical, or network. Local means that the attacker must either have physical access to the vulnerable system or a local account. Adjacent network means that the attacker must be on a network segment close to the target, for example within Bluetooth range or on the same subnet for ARP spoofing. Physical attacks need actual hands-on access before they can succeed. Network attacks are remotely exploitable and are often the most impactful vulnerabilities.

Screenshot: Security Update Guide, top half


