Updated: July 11, 2020 (November 5, 2001)

  Charts & Illustrations

Security Bulletin Severity Rating System

By Michael Cherry

Michael analyzed and wrote about Microsoft's operating systems, including the Windows client OS, as well as compliance and governance.

To help organizations apply the most critical fixes first, the Microsoft Security Response Center will begin rating each vulnerability according to the risk it poses.

The rating system begins by separating the system environments into the following categories:

  • Internet-facing servers, such as Web servers or firewalls
  • Internal servers that are protected by a firewall but exposed to an organization's internal users, such as domain controllers, member servers, or terminal servers
  • Client systems, such as desktops, home PCs, and laptops

The potential impact of the vulnerability is then rated. At one extreme are vulnerabilities that allow the attacker to gain administrative control of the system or that require a complete reinstallation to recover from. At the other extreme are "reconnaissance" vulnerabilities that only reveal information about a system to the attacker. To cover this spectrum, the Security Response Center created "critical," "moderate," and "low" severity ratings, assigned separately for each of the three environments, so a single vulnerability can carry a different rating depending on where the affected system sits.

The following table summarizes the rating system by severity level and system environment.
