All of Microsoft’s separately identified security holes – CVEs in the parlance – are given an “Exploitability Index” level. Microsoft’s official defin
[See the full post at: What does “Exploitation less likely” really mean?]
|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
What does “Exploitation less likely” really mean?
- This topic has 3 replies, 3 voices, and was last updated 4 years, 8 months ago.
AuthorViewing 0 reply threadsAuthor-
-
That’s the Zerologon security hole, which I talked about on Sept 15.
Yes, it’s a problematic bug that’s bound to be exploited pretty soon now. But it only affects servers, and it can only be used by an attacker after they’re already inside your network. And if you’ve been following along and have already installed the August patches, you’re protected.
1 user thanked author for this post.
-
Absolutely. Sysadmins are paying attention to Zerologon.
But I think the point here may be that what Microsoft considers critical and what government cyber warriors think is critical may be two different things. Does “Exploitation less likely” mean that Microsoft thinks it would take more that a script kiddie to use it?
Microsoft’s judgment may be questionable at both ends of the spectrum.
Group K(ill me now)1 user thanked author for this post.
-
-
Viewing 0 reply threads
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Login screen icon
by 3 hours, 22 minutes ago
-
AI coming to everything
by 4 hours, 59 minutes ago
-
Mozilla : Pocket shuts down July 8, 2025, Fakespot shuts down on July 1, 2025
by 7 hours, 9 minutes ago
-
No Screen TurnOff???
by 7 hours, 31 minutes ago
-
Identify a dynamic range to then be used in another formula
by 8 hours, 4 minutes ago
-
InfoStealer Malware Data Breach Exposed 184 Million Logins and Passwords
by 19 hours, 41 minutes ago
-
How well does your browser block trackers?
by 5 hours, 58 minutes ago
-
You can’t handle me
by 10 hours, 23 minutes ago
-
Chrome Can Now Change Your Weak Passwords for You
by 5 hours, 27 minutes ago
-
Microsoft: Over 394,000 Windows PCs infected by Lumma malware, affects Chrome..
by 1 day, 7 hours ago
-
Signal vs Microsoft’s Recall ; By Default, Signal Doesn’t Recall
by 10 hours, 33 minutes ago
-
Internet Archive : This is where all of The Internet is stored
by 1 day, 7 hours ago
-
iPhone 7 Plus and the iPhone 8 on Vantage list
by 1 day, 7 hours ago
-
Lumma malware takedown
by 19 hours, 48 minutes ago
-
“kill switches” found in Chinese made power inverters
by 1 day, 16 hours ago
-
Windows 11 – InControl vs pausing Windows updates
by 1 day, 16 hours ago
-
Meet Gemini in Chrome
by 1 day, 20 hours ago
-
DuckDuckGo’s Duck.ai added GPT-4o mini
by 1 day, 20 hours ago
-
Trump signs Take It Down Act
by 2 days, 4 hours ago
-
Do you have a maintenance window?
by 9 hours, 7 minutes ago
-
Freshly discovered bug in OpenPGP.js undermines whole point of encrypted comms
by 1 day, 6 hours ago
-
Cox Communications and Charter Communications to merge
by 2 days, 7 hours ago
-
Help with WD usb driver on Windows 11
by 16 hours, 9 minutes ago
-
hibernate activation
by 2 days, 16 hours ago
-
Red Hat Enterprise Linux 10 with AI assistant
by 2 days, 20 hours ago
-
Windows 11 Insider Preview build 26200.5603 released to DEV
by 2 days, 23 hours ago
-
Windows 11 Insider Preview build 26120.4151 (24H2) released to BETA
by 2 days, 23 hours ago
-
Fixing Windows 24H2 failed KB5058411 install
by 1 day, 19 hours ago
-
Out of band for Windows 10
by 3 days, 4 hours ago
-
Giving UniGetUi a test run.
by 3 days, 11 hours ago
Remembering Woody
