Microsoft Revises Security Bulletins, Rating System | eWeek

Microsoft Revises Security Bulletins, Rating System

Écrit par
Dennis Fisher
Dennis Fisher
Nov 19, 2002
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

In the hopes of making its security bulletins more readable, Microsoft Corp. on Tuesday announced that it has revised the guidelines it uses to rate the severity of the security vulnerabilities in its products. The company will also establish a separate mailing list for end users who dont want or need all of the technical detail in the advisories it sends out to systems administrators and security specialists.

The changes are a result of feedback from customers who thought the bulletins were too detailed and confusing.

The Microsoft Security Response Center, which handles the investigation of any alleged vulnerabilities in the companys products, sends out an advisory to its Security Notification Service mailing list any time there is a confirmed flaw that might affect multiple customers. The list is open to anyone, but is made up mainly of highly technical users. As a result, the bulletins mailed out to the list include a lot of detail on the vulnerability itself, how it might be exploited and any mitigating factors.

Much of this information is lost on home users, who simply want to know about the problem and whether they need to install the patch.

“Customer feedback tells us that, while technical professionals value our security bulletins, many end-users find them overly detailed and confusing,” Steve Lipner, director of security assurance at Microsoft, in Redmond, Wash., wrote in a message to the mailing list.

The new end-user bulletins will explain the problem and remediation measures in laymans terms.

The revised guidelines add a fourth severity rating—Important—between Critical and Moderate. Important vulnerabilities are defined as those “whose exploitation could result in compromise of the confidentiality, integrity or availability of users data, or of the integrity or availability of processing resources.”

Microsoft implemented the rating system last year in an effort to give users a better idea of which vulnerabilities needed their immediate attention.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.