Below are the four possible severity ratings with explanations as defined by Microsoft:
- Critical: A vulnerability whose exploitation could allow the propagation of an Internet worm without user action.
- Important: A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources.
- Moderate: Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation.
- Low: A vulnerability whose exploitation is extremely difficult, or whose impact is minimal.