The new category, the fourth in the system, only rates threats as 'critical' if a vulnerability could be exploited, allowing a worm to spread without the user clicking on an executable or otherwise taking action. That means fewer threats will receive the highest or 'critical' alert rating. Threats that earlier would have been rated 'critical' now will probably receive an 'important' rating.
Microsoft has been making adjustments to its security alert system for the past few months.
This past November, Microsoft revised its Security Bulletin Rating System, to more clearly identify serious security issues and to offer rating information that is easier to understand.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i The changes all are part of Microsoft's Trustworthy Computing Initiative, which company chairman Bill Gates announced early in 2002. Gates said security would receive priority over the creation of new features. The announcement, however, has been followed by a myriad of vulnerability announcements and resulting criticism that the company isn't doing enough fast enough.
Later last year, Microsoft upped the ante of its security promises by saying it will tear out troublesome code that has climbed the evolutionary ladder from early Windows versions to the latest releases, which are reportedly double in size to their Windows 95 predecessor. Microsoft, according to Steve Lipner, Microsoft's director of security assurance, is working to retire old, security-weak code in its Windows operating system.