In October of 2008, Microsoft published its first Exploitability Index: a rating system that helps customers identify the likelihood that a specific vulnerability would be exploited within the first 30 days after bulletin release.
As of this month, we are making some changes to the rating system to make vulnerability assessment clearer and more digestible for customers. Specifically, we will be publishing two Exploitability Index ratings per vulnerability: one for the most recent platform, the other as an aggregate rating for all older versions of the software. This change makes it easier for customers on recent platforms to determine their risk given the extra security mitigations and features built into Microsoft’s newest products; under the previous system, vulnerabilities were given an aggregate rating across all product versions.





