CVSS

Security Update Guide Supports CVEs Assigned by Industry Partners

Wednesday, January 13, 2021

Hi Folks, This month we are introducing a new data element for each CVE in the Security Update Guide, called Assigning CNA. First let me back up a bit and give some information about the CVE program. The purpose of a CVE is to uniquely identify a cybersecurity vulnerability. The CVE program was started back in 1999 and is funded by the US federal government, currently out of the Cybersecurity and Infrastructure Security Agency (CISA).

Read More

• CVSS
• Security Update
• Security Update Guide
• Update Tuesday

[IT 管理者向け] CVSS を読み解いて脆弱性をより正しく理解する

Thursday, December 17, 2020

新しいバージョンのセキュリティ更新プログラムについては下記の関連ブログもご覧ください。 「新しいセキュ

Read More

• CVSS
• セキュリティ情報
• セキュリティ更新プログラム ガイド

Security Update Guide: Let's keep the conversation going

Tuesday, December 08, 2020

Hi Folks, We want to continue to highlight changes we’ve made to our Security Update Guide. We have received a lot of feedback, much of which has been very positive. We acknowledge there have been some stability problems and we are actively working through reports of older browsers not being able to run the new application.

Read More

• CVSS
• Security Update
• Security Update Guide
• Update Tuesday

Vulnerability Descriptions in the New Version of the Security Update Guide

Monday, November 09, 2020

With the launch of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System (CVSS). This is a precise method that describes the vulnerability with attributes such as the attack vector, the complexity of the attack, whether an adversary needs certain privileges, etc.

Read More

• CVSS
• Security Update
• Security Update Guide
• Update Tuesday