{"id":6934,"date":"2018-09-11T09:13:46","date_gmt":"2018-09-11T07:13:46","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=6934"},"modified":"2021-06-10T09:39:48","modified_gmt":"2021-06-10T07:39:48","slug":"microsofts-windows-security-servicing-criterias","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2018\/09\/11\/microsofts-windows-security-servicing-criterias\/","title":{"rendered":"Microsoft&rsquo;s Windows Security Servicing Criteria"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2013\/03\/winb.jpg\" width=\"58\" align=\"left\" height=\"58\">[<a href=\"https:\/\/www.borncity.com\/blog\/2018\/09\/11\/microsofts-kriterien-fr-windows-sicherheitsupdates-9-2018\/\" target=\"_blank\" rel=\"noopener\">German<\/a>] In September 2018, Microsoft published new documents that describe in more detail the criteria according to which security updates for Windows are developed. <\/p>\n<p><!--more--><\/p>\n<p>This isn't the first time that Microsoft has revealed some of the criteria it uses to develop security updates. 
<\/p>\n<h2>Patch development guidelines (June 2018)<\/h2>\n<p>In the paper <a href=\"https:\/\/web.archive.org\/web\/20210303094822\/http:\/\/msdnshared.blob.core.windows.net\/media\/2018\/06\/Microsoft-Security-Servicing-Commitments_SRD.pdf\" target=\"_blank\" rel=\"noopener\">Microsoft Security Servicing Commitments<\/a> (PDF document), which was still in draft stage, Microsoft revealed in June 2018 its decision chain for the development of security updates.<\/p>\n<ul>\n<li>Does the vulnerability violate a security boundary or feature that Microsoft is committed to defending against attacks?<\/li>\n<li>Is the vulnerability severe enough that it must be addressed immediately by releasing a security update?<\/li>\n<\/ul>\n<p>If the answer to both questions is yes, Microsoft will start developing a security update and roll it out on the next Patch Tuesday (the second Tuesday of the month).<\/p>\n<h2>More Windows Security Servicing Criteria (Sept. 2018)<\/h2>\n<p>In new documents, Microsoft now provides insight into its security threat classification processes. A new article, <a href=\"https:\/\/aka.ms\/windowscriteria\" target=\"_blank\" rel=\"noopener\">Microsoft Security Servicing Criteria for Windows<\/a>, seems to be the final version of the above draft <a href=\"https:\/\/web.archive.org\/web\/20210303094822\/http:\/\/msdnshared.blob.core.windows.net\/media\/2018\/06\/Microsoft-Security-Servicing-Commitments_SRD.pdf\" target=\"_blank\" rel=\"noopener\">Microsoft Security Servicing Commitments<\/a>. 
<\/p>\n<p><img decoding=\"async\" title=\"Windows Security\/Update criteria\" alt=\"Windows Security\/Update criteria\" src=\"https:\/\/i.imgur.com\/o6VSdBL.jpg\"> <\/p>\n<p>There Microsoft outlines the criteria according to which security measures are taken as soon as a vulnerability is discovered.<\/p>\n<p>In a <a href=\"https:\/\/aka.ms\/windowsbugbar\" target=\"_blank\" rel=\"noopener\">second PDF document<\/a>, Microsoft describes how it assigns severity to bug reports. The document reveals which bugs are classified as critical (e.g., a vulnerability that allows unauthorized access to the file system), which are important, which are rated moderate, and which are rated low risk. A denial-of-service bug that only causes an application to restart is always considered low risk. (<a href=\"https:\/\/www.zdnet.com\/article\/microsoft-details-for-the-first-time-how-it-classifies-windows-security-bugs\/\" target=\"_blank\" rel=\"noopener\">via<\/a>)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German] In September 2018, Microsoft published new documents that describe in more detail the criteria according to which security updates for Windows are 
developed.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,22,2],"tags":[69,195,194],"class_list":["post-6934","post","type-post","status-publish","format-standard","hentry","category-security","category-update","category-windows","tag-security","tag-update","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/6934","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=6934"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/6934\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=6934"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=6934"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=6934"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}