Next Topic

Previous Topic

Book Contents

Security Update Severity Rating System

Kaseya Software Management 2.0 uses the Windows Update API to detect and install OS Patches on Microsoft devices.

Microsoft break these updates in to 4 categories, however, in Software Management, we currently break these in to two categories - Critical and Recommended.

There are 4 Microsoft ratings - Critical, Important, Moderate, and Low. These are defined below, with the Software Management severity in brackets.

Critical (SM Critical)

A vulnerability whose exploitation could allow code execution without user interaction. These scenarios include self-propagating malware (e.g. network worms), or unavoidable common use scenarios where code execution occurs without warnings or prompts. This could mean browsing a web page or opening an email.

Microsoft recommends that customers apply Critical updates immediately.

Important (SM Recommended)

A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources. These scenarios include common use scenarios where the client is compromised with warnings or prompts regardless of the prompt's provenance, quality, or usability. Sequences of user actions that do not generate prompts or warnings are also covered.

Microsoft recommends that customers apply Important updates at the earliest opportunity.

Moderate (SM Recommended)

Impact of the vulnerability is mitigated to a significant degree by factors such as authentication requirements or applicability only to non-default configurations.

Microsoft recommends that customers consider applying the security update.

Low (SM Recommended)

The impact of the vulnerability is comprehensively mitigated by the characteristics of the affected component. Microsoft recommends that customers evaluate whether to apply the security update to the affected systems.

Microsoft Severity

Software Management Severity

Critical

Critical

Critical

Critical (Older than 30 days)

Important

Critical

Moderate

Recommended

Low

Recommended

Further details can be found on this Microsoft site:

https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system