A draft document is circulating that showcases Microsoft’s decision tree for determining if known security vulnerabilities will get patched through servicing or if the company will wait until later to resolve them.
Here’s the premise of the document…
Our commitment to protecting customers from vulnerabilities in our products, services, and devices includes providing security updates that address these vulnerabilities when they are discovered. We also want to ensure we are transparent with our customers in our approach. This document helps to describe the criteria the Microsoft Security Response Center (MSRC) uses to determine whether a reported vulnerability will be addressed through servicing, or in the next version of a product. For vulnerabilities in products, this servicing takes the form of a security update, most commonly released as security updates on Update Tuesday. The purpose of this document is to clarify the commitments as they pertain to Windows.
Download the PDF: Microsoft Security Servicing Commitments
Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in Dallas, Texas in 2018!