Updated: July 13, 2020 (December 9, 2002)


Severity Level Changes

by Michael Cherry

Michael analyzed and wrote about Microsoft's operating systems, including the Windows client OS, as well as compliance and governance. Michael...

Microsoft has modified the severity levels it uses for reporting vulnerabilities in its products by adding a new “important” rating and removing the sub-criteria related to the type of system affected (Internet server, internal server, or client system). The removal of the sub-criteria simplifies the definitions, and likely means that more vulnerabilities are rated “important” or “moderate,” rather than “critical.”

| Rating | New Definition | Previous Definition |
| --- | --- | --- |
| Critical | A vulnerability whose exploitation could allow the propagation of an Internet worm, such as Code Red or Nimda, without user action (such as opening a message attachment). | Internet Servers: Web site defacement, denial of service, or full control. |
| | | Internal Servers: Elevation of privileges, data disclosure, or modification; auditing difficult. |
| | | Client Systems: Run arbitrary code without user action; remote escalation of privilege. |
| Important | A vulnerability whose exploitation could result in compromise | |
