Security News > 2002 > December > RE: Microsoft upgrades IE flaw to critical after criticism

RE: Microsoft upgrades IE flaw to critical after criticism
2002-12-18 09:46

Forwarded from: "Kuypers, Jimmy" CMIIW, but didn't microsoft anounce to downplay alot of it's security warnings to less then "critical" because of the many critical patches real end-users could no longer distinquish wich patches are truely critical (imo all are ofcourse) and then the end-users wouldn't download any of them... This was also called the "boy who cried wolf" effect.... Leme see, yes a quote : "The Redmond-based software giant also plans to limit the "critical" rating on security alerts to customers because of fears that too many high-level alerts were being issued. Instead of issuing a "critical" rating on vulnerability warnings, Microsoft has modified its Severity Rating Criteria to specify clearly which bugs needed to be addressed immediately. "There is also a widespread feeling that the Severity Ratings are difficult to understand and apply. For these reasons, we have modified (the criteria) to help customers more easily evaluate the impact of security issues," Lipner explained. So far this year, almost half of Microsoft's 64 vulnerability alerts were tagged with the 'critical' rating and security experts have warned about a potential "cry wolf" situation if too many insignificant patches came with the highest-level rating. " I got this from http://www.internetnews.com/dev-news/article.php/1503241 but I first got wind of it via this article http://www.tweakers.net/nieuws/24378/?highlight=critical+%2B+microsoft+%2B+p atch (some of it in Dutch) Conclusion: So we can expect less "critical" patches from MS now. Just keep in mind that this doesn't mean there are less bugs or security problems with the MS software. Eventho MS re-upgraded the severity level of this patch due to negative feedback, this won't get them to step of their new policy of downplaying security warnings. Greatings, Jimmy -----Original Message----- From: InfoSec News [mailto:isn () c4i org] Sent: woensdag 11 december 2002 9:25 To: isn () attrition org Subject: Re: [ISN] Microsoft upgrades IE flaw to critical after criticism Forwarded from: joerg () fs is uni-sb de Allow me to comment a little bit on this one:


News URL

http://www.internetnews.com/dev-news/article.php/1503241

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5127 264 7774