Software Management 2.0 - Security Update Severity Rating System

Kaseya Software Management 2.0 uses the Windows Update API to detect and install OS Patches on Microsoft devices.

Microsoft break these updates in to 4 categories, however, in Software Management, we currently break these in to two categories - Critical and Recommended.

There are 4 Microsoft ratings - Critical, Important, Moderate, and Low. These are defined below, with the Software Management severity in brackets.

Critical (SM Critical)

A vulnerability whose exploitation could allow code execution without user interaction. These scenarios include self-propagating malware (e.g. network worms), or unavoidable common use scenarios where code execution occurs without warnings or prompts. This could mean browsing a web page or opening an email.

Microsoft recommends that customers apply Critical updates immediately.

Important (SM Recommended)

A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources. These scenarios include common use scenarios where the client is compromised with warnings or prompts regardless of the prompt's provenance, quality, or usability. Sequences of user actions that do not generate prompts or warnings are also covered.

Microsoft recommends that customers apply Important updates at the earliest opportunity. 

Moderate (SM Recommended)

Impact of the vulnerability is mitigated to a significant degree by factors such as authentication requirements or applicability only to non-default configurations.

Microsoft recommends that customers consider applying the security update.

Low (SM Recommended)

The impact of the vulnerability is comprehensively mitigated by the characteristics of the affected component. Microsoft recommends that customers evaluate whether to apply the security update to the affected systems.

Microsoft Severity Software Management Severity
Critical Critical
Critical Critical (Older than 30 days)
Important Critical
Moderate Recommended
Low Recommended


Further details can be found on this Microsoft site: https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us