Microsoft criticised for latest vulnerability rating


Microsoft has added a fourth category to its security rating system in response to user complaints that they could not identify the most serious vulnerabilities.

However, critics feel that the extra tier will add even more complexity to an administrator's job.

Under the new system, fewer bulletins will get the "critical" stamp. Only vulnerabilities that could be exploited to allow malicious Internet worms to spread without user action will now be rated critical.

Many issues that were previously rated critical will now be ranked "important", the latest category in the rating system.

These "important" vulnerabilities could still expose user data or threaten system resources, but there are fears that they might not receive the urgent attention from administrators that they deserve.

"If Microsoft wanted to simplify matters, they should've done just that - cut the categories down from three to two levels. Administrators want to know whether a patch needs to be applied immediately, or if they can conveniently schedule it," said Thor Larholm, a Danish-based security researcher with PivX Solutions.

A two-tiered system would let administrators quickly decide whether they needed to drop all tasks at hand and apply a patch, or whether the risk was small enough that they could wait and include it in a weekly patch cycle.
