Microsoft adds category to security rating system

  1. #1
    phishphreek (AO übergeek)
    Join Date: Jan 2002

    Taken from here.

    Microsoft adds category to security rating system

    By Joris Evers
    January 13, 2003 7:42 am PT

    AFTER CUSTOMERS COMPLAINED that they couldn't identify the most serious security vulnerabilities, Microsoft has added a fourth category to its vulnerability rating system. But critics feel that the extra tier adds even more complexity to an administrator's job.

    Under the new system, fewer bulletins get the "critical" stamp. Only vulnerabilities that could be exploited to allow malicious Internet worms to spread without user action are now rated critical. Many issues that were previously rated critical are now "important," a new category in the rating system. These "important" vulnerabilities could still expose user data or threaten system resources, but they might not receive the urgent attention from administrators that they deserve.

    "If Microsoft wanted to simplify matters, they should've done just that -- cut the categories down from three to two levels. Administrators want to know whether a patch needs to be applied immediately, or if they can conveniently schedule it," says Thor Larholm, a Copenhagen, Denmark-based security researcher with PivX Solutions.

    A two-tiered system would let administrators quickly decide whether they need to drop all tasks at hand and apply a patch, or whether the risk is small enough that they can wait and include it in a weekly patch cycle.
    Quitmzilla is a Firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  2. #2
    Senior Member
    Join Date: Jan 2002
    I believe that systems administrators should assess each patch on its merits and choose how/when to apply it. Many of the patches that Microsoft (and indeed many other vendors) release do not affect the majority of installations. In this case, the patch does not need to be applied.

    I've seen loads of broken boxes as a result of automatic patching programs installing something that doesn't work.
