Microsoft Explains Whether a Vulnerability Turns Into a Windows Security Update

Discussion in '0-day Release' started by silversurfer, Jun 14, 2018.

  1. silversurfer

    silversurfer Malware Tester Silver Member

    Microsoft has released the criteria used to determine whether a reported and confirmed vulnerability is resolved through a security update or in the next version of Windows. These criteria were released in order to provide insight into the decision making progress and to receive feed back from security researchers.

    According to Microsoft, when a vulnerability is reported they evaluate how it should be handled by asking two questions.
    1. Does the vulnerability violate a security boundary or security feature that Microsoft has committed to defending against attacks?
    2. Is the severity of the vulnerability such that it requires immediate attention through the release of a security update?
    If the answer to both of those questions is "Yes", then a security update will be released. On the other hand, if the answer to either of the questions is "No", then the vulnerabilitity is usually, but not always, pushed towards being fixed in a new version of the software instead.

    Full Article:
    RGiskardR likes this.
  2. Google Adsense

Share This Page