Definition: The Microsoft Security Bulletin Severity Rating System is a simple, four level severity rating system that's applied to each Microsoft Security Bulletin, providing a quick and easy way to assess the possible risk of the security weakness that was identified.
Below are the four possible severity ratings with explanations as defined by Microsoft:
- Critical: A vulnerability whose exploitation could allow the propagation of an Internet worm without user action.
- Important: A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources.
- Moderate: Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation.
- Low: A vulnerability whose exploitation is extremely difficult, or whose impact is minimal.