Microsoft announced early results last week of its attempt to focus customers on the most pernicious vulnerabilities through its exploitability index, a three-grade measure of the likelihood of a vulnerability being exploited.

The software giant did an analysis of its October patch release, one month after releasing a dozen fixes for 21 vulnerabilities. The company found that its researchers correctly predicted that four of the flaws, which were assigned a rating of "functioning exploit code unlikely," would not yet be exploited.

Of the nine vulnerabilities that the company predicted would be exploited, four have had working exploit code released in the first month

The first four issues in the October patch release to be exploited had code released in the first two weeks, following Patch Tuesday.

Microsoft announced its exploitability index at the Black Hat Briefings security conference in Las Vegas in August.


Source: Security Focus