Microsoft Updates Security Threat System
In an attempt to help users identify the most serious threats to their networks, Microsoft Corp. has added another category to its security rating system.
The new category, the fourth in the system, only rates threats as 'critical' if a vulnerability could be exploited, allowing a worm to spread without the user clicking on an executable or otherwise taking action. That means fewer threats will receive the highest or 'critical' alert rating. Threats that earlier would have been rated 'critical' now will probably receive an 'important' rating.
Microsoft has been making adjustments to its security alert system for the past few months.
This past November, Microsoft revised its Security Bulletin Rating System, to more clearly identify serious security issues and to offer rating information that is easier to understand.
Later last year, Microsoft upped the ante of its security promises by saying it will tear out troublesome code that has climbed the evolutionary ladder from early Windows versions to the latest releases, which are reportedly double in size to their Windows 95 predecessor. Microsoft, according to Steve Lipner, Microsoft's director of security assurance, is working to retire old, security-weak code in its Windows operating system.