Post Thu Jan 15, 2009 9:01 am

Microsoft Exploitability Index

While doing some research on the latest Microsoft Security Vulnerability (MS09-001), I stumbled upon something which i did not know and thought was a step in the right direction by Microsoft.

They have created a rating " Microsoft Exploitability Index " in addition to the "severity rating " they have been issuing with all the patches. MEI is suppose to help the end users/administrators priortize the deployment of patches in large enviroments based on the likelihood of exploit code been released. Here is more info :

"The Microsoft Exploitability Index is designed to provide additional information to help customers better prioritize the deployment of Microsoft security updates. This index provides customers with guidance on the likelihood of functioning exploit code being developed for vulnerabilities addressed by Microsoft security updates."

http://technet.microsoft.com/en-us/secu ... 98259.aspx

I think its a  nice tool and a step in right direction by Microsoft. This would help a lots of sysamins who can now evaluate the patch better and just do not rush to patch everything whenever a critical patch is released.
Last edited by vijay2 on Thu Jan 15, 2009 9:15 am, edited 1 time in total.
GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+