Microsoft creates security ratings
By Jennifer Disabatino
(IDG) -- Microsoft Corp. said it is adding a rating system to its security warnings to help customers take the appropriate steps when faced with a security threat.
The company said security bulletins will be labeled with "critical," "moderate" or "low" severity ratings, and the bulletins will be sorted by type: client systems, Internet servers and internal servers.
Last year Microsoft issued 100 security warnings but the bulletins weren't organized by severity or type. The practice made it difficult for users to judge the severity of the threats, so they wouldn't install security patches, the company said.
"We are concerned that this conservative approach to identifying vulnerabilities that require action on our part may also have made it more difficult for many customers to identify those vulnerabilities that represent especially significant risks," the TechNet advisory says.
Users who didn't download security patches then ran the risk of being infected with widespread viruses such as the Code Red and Nimda. Worms such as these exploit known vulnerabilities in either client software, Internet servers or internal servers or any combination of the three, the announcement said, citing two recent, independent studies.
"We are well aware that not all vulnerabilities have equal impact on all users. When we conducted a review of the bulletins that applied to Windows 2000 (including Internet Explorer and Internet Information Service) in late 2000, we found only five bulletins (out of roughly fifty) that we subjectively judged to be of extremely high severity for the majority of affected users," the notice said.
A more detailed description of the bulletins is available in the TechNet section of Microsoft's Web site.
Microsoft has third go at plugging Exchange hole
June 15, 2001
Microsoft patches more security holes in IIS
May 17, 2001
Microsoft security flaw in shades of gray
May 7, 2001
RELATED IDG.net STORIES:
Analysts: Microsoft needs to look closely at security practices
Gartner to IS managers: Drop IIS
Microsoft stands by IIS despite Gartner recommendation
Microsoft offers security program for the enterprise
Microsoft warns of PowerPoint, Excel vulnerabilities
MS plugs seven Telnet security holes in Windows 2000
Another serious security hole in Microsoft IIS
Microsoft has third go at Exchange hole
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
TECHNOLOGY TOP STORIES:
Report: SUVs pose danger to cars
New telemarketer tool trumps TeleZapper
Terra Lycos logs $2.2B loss
AOL to offer song downloads
Microsoft seeks fiscal fountain of youth
|Back to the top|