Presentation is loading. Please wait.

Presentation is loading. Please wait.

Severity and Exploitability Index

Published bySylvie Marion Modified over 5 years ago

Similar presentations

Presentation on theme: "Severity and Exploitability Index"— Presentation transcript:

1 Severity and Exploitability Index
1 RISK 2 3 DP Severity CRITICAL IMPACT IMPORTANT MODERATE LOW MS10-032 MS10-033 MS10-034 MS10-035 MS10-036 MS10-037 MS10-038 MS10-039 MS10-040 MS10-041 ActiveX Kill Bit Windows Windows Office Windows Internet Explorer Windows Office Office Windows Windows The chart represents the aggregate severity and aggregate exploitability index rating for each bulletin. Note that each affected product may have a lower individual rating. Please consult the security bulletins directly for details. * DP = Deployment Priority

2 Deployment Priority Bulletin KB Public Aggregate Severity
Based on a combination of severity rating, exploitability index rating, available mitigations and workarounds and range of affected products. All customers should perform their own prioritization assessment as each environment is different and other factors may apply. Microsoft recommends that all security updates be deployed as soon as possible. This priority slide is provided "AS IS" with no warranties, and confers no rights. Deployment Priority Bulletin KB Public Aggregate Severity Exploit Index Max Impact Deployment Priority Note DirectShow MS10-033 979902 No Critical 1 RcE Critical on all supported versions of Windows. Can be exploited by opening a specially crafted file or visiting a malicious web page. KillBits MS10-034 980195 N/A Impacts users on all versions of Windows. IE MS10-035 982381 Yes Critical for all client operating systems. Can be exploited by opening a specially crafted file or visiting a malicious web page. Windows Kernel MS10-032 979559 Important 2 No Microsoft applications expose a remote vector. However, some 3rd party apps may parse fonts from untrusted sources and expose this vulnerability remotely and anonymously. Office COM MS10-036 983235 User interaction required. Office Excel MS10-038 SharePoint MS10-039 EoP Proof of concept code available in the wild. No known exploits. Should be given higher priority for SharePoint servers. IIS MS10-040 982666 Must install and enable extended protection for authentication. OpenType MS10-037 980218 3 The attacker must be able to log on locally. Lower exploitability index. .NET MS10-041 981343 Tampering Affects systems and applications that rely on Hash-Based Message Authentication Code (HMAC). Microsoft applications not affected.

Download ppt "Severity and Exploitability Index"

Similar presentations

Patch Management Patch Management in a Windows based environment

Patch Management Patch Management in a Windows based environment
Dial In Number 1-877-593-2001 Pin: 3959 Information About Microsoft September 21, 2012 Security Bulletin Jeremy Tinder Security Program Manager Microsoft.

Dial In Number Pin: 3959 Information About Microsoft September 21, 2012 Security Bulletin Jeremy Tinder Security Program Manager Microsoft.
Desktop Value - Introducing Windows XP Service Pack 2 with Advanced Security Technologies Presenter: James K. Murray Title: Information Technologies Consultant.

Desktop Value - Introducing Windows XP Service Pack 2 with Advanced Security Technologies Presenter: James K. Murray Title: Information Technologies Consultant.
SSRS 2008 Architecture Improvements Scale-out SSRS 2008 Report Engine Scalability Improvements.

SSRS 2008 Architecture Improvements Scale-out SSRS 2008 Report Engine Scalability Improvements.
UNIT-e Roadmap Technology Day - November 2011. Where were we in 2006?  VB 6 Applications  Database Manager  Managers/Proformas  Office Builder  RG.

UNIT-e Roadmap Technology Day - November Where were we in 2006?  VB 6 Applications  Database Manager  Managers/Proformas  Office Builder  RG.
Monthly Security Bulletin Briefing

Monthly Security Bulletin Briefing
Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.

Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.
NetAcumen ActiveX Install Instructions. Requirements: Administrator: User must be logged in as Administrator of the machine. If you are not the administrator,

NetAcumen ActiveX Install Instructions. Requirements: Administrator: User must be logged in as Administrator of the machine. If you are not the administrator,
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.

To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
Review of February 2013 Bulletin Release Information - 12 New Security Bulletins - One Updated Security Advisory - Microsoft Windows Malicious Software.

Review of February 2013 Bulletin Release Information - 12 New Security Bulletins - One Updated Security Advisory - Microsoft Windows Malicious Software.
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.

To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
Dial In Number 1-800-227-8104 Pin: 3879 Information About Microsoft May 2012 Security Bulletins Dustin Childs Sr. Security Program Manager Microsoft Corporation.

Dial In Number Pin: 3879 Information About Microsoft May 2012 Security Bulletins Dustin Childs Sr. Security Program Manager Microsoft Corporation.
Dial In Number 1-800-227-8104 PIN: 1056 Information About Microsoft December 2011 Security Bulletins Jonathan Ness Security Development Manager Microsoft.

Dial In Number PIN: 1056 Information About Microsoft December 2011 Security Bulletins Jonathan Ness Security Development Manager Microsoft.
To receive our video stream in Live Meeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.

To receive our video stream in Live Meeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
Microsoft October 2004 Security Bulletins Briefing for Senior IT Managers updated October 20, 2004 Marcus H. Sachs, P.E. The SANS Institute October 12,

Microsoft October 2004 Security Bulletins Briefing for Senior IT Managers updated October 20, 2004 Marcus H. Sachs, P.E. The SANS Institute October 12,
Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.

Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.
九月份資訊安全公告 Sep 14, 2006 Richard Chen 陳政鋒 (Net+, Sec+, MCSE2003+Security, CISSP) 資深技術支援工程師 台灣微軟技術支援處.

九月份資訊安全公告 Sep 14, 2006 Richard Chen 陳政鋒 (Net+, Sec+, MCSE2003+Security, CISSP) 資深技術支援工程師 台灣微軟技術支援處.
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.

To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely John Deere presents:

Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely John Deere presents:
Dial In Number 1-877-593-2001 Pin: 3959 Information About Microsoft December 2012 Security Bulletins Jonathan Ness Security Development Manager Microsoft.

Dial In Number Pin: 3959 Information About Microsoft December 2012 Security Bulletins Jonathan Ness Security Development Manager Microsoft.

Similar presentations

Ads by Google