Microsoft Patch Matrix Analysis
September 19, 2016This information allows you to see at a glance which Microsoft Security Bulletins apply to which products and the Severity Rating for each bulletin. Each Security Bulletin is listed complete with links to the full bulletin on Microsoft’s website. You can view Security Bulletins sorted in reverse numerical order or by the date the Bulletin was last updated.
Microsoft believe you should always apply patches to any software you’re using for which they issue a patch with either a Critical or Important rating and these patches should be applied as soon as is practically possible (especially Critical ones). For patches rated as either Moderate or Low Microsoft recommend you read the related security bulletin to decide whether you should apply the patch to your environment. Personally if Microsoft issues a patch for something I’d seriously consider installing it (after testing) regardless of the Rating. Easier said than done I know in a lot of environments but if you don’t patch you’re asking for trouble.
Severity Ratings Microsoft use the following system to rate the severity for each vulnerability. This information has been reproduced from the “Microsoft Security Response Center Security Bulletin Severity Rating System” which you can find at:
https://technet.microsoft.com/en-us/security/hh314216.aspx
We’ve added the “Color” column onto the end of the table so that you can tell at a glance what Severity Rating Microsoft have assigned to the software affected by each vulnerability.
Rating | Definition | Color |
Critical | A vulnerability whose exploitation could allow the propagation of an Internet worm without user action | Red |
Important | A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources. | Orange |
Moderate | Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation | Green |
Low | A vulnerability whose exploitation is extremely difficult, or whose impact is minimal. | Black |
Security Vulnerabilities by Number
The following is a list of Security Vulnerabilities issued year-to-date (dd/mm/yy) with the most recent first.
Patch No. | Title | Affects/ Severity | Issued/ Updated |