In response to Microsoft’s new format of Patch Tuesday releases, which removes a lot of critical vulnerability detail that companies rely on to determine the severity of each flaw, Cybersecurity experts has made the following comments.
Experts Comments
Microsoft is eliminating a ton of valuable vulnerability data.
Microsoft’s decision to remove CVE description information from its Patch Tuesday release is a bad move, plain and simple. By relying on CVSSv3 ratings alone, Microsoft is eliminating a ton of valuable vulnerability data that can help inform organisations of the business risk a particular flaw poses to them.
Dot Your Expert Comments
Only for registered and approved experts. Please register before providing comments. Register here
Linkedin Message
@Satnam Narang, Senior Research Engineer, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Chaining vulnerabilities is an important tactic for threat actors. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-reacted-microsofts-new-patch-tuesday-format-a-bad-move-and-disappointing
Facebook Message
@Satnam Narang, Senior Research Engineer, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Chaining vulnerabilities is an important tactic for threat actors. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-reacted-microsofts-new-patch-tuesday-format-a-bad-move-and-disappointing