Vulnerabilities are weaknesses in software that enable an attacker to compromise the integrity, availability, or confidentiality of that software. Microsoft uses a process to investigate and release security updates that address vulnerabilities in the software it produces.
Microsoft has released a paper on Software Vulnerability Management that describes how Microsoft uses a multipronged approach to help its customers manage their risks.
This approach includes three key elements:
- High-quality security updates – using world-class engineering practices to produce high-quality security updates that can be confidently deployed to over a billion diverse systems in the PC ecosystem and help customers minimize disruptions to their businesses;
- Community-based defense – Microsoft partners with many other parties when investigating potential vulnerabilities in Microsoft software. Microsoft looks to mitigate exploitation of vulnerabilities through the collaborative strength of the industry and through partners, public organizations, customers, and security researchers. This approach helps to minimize potential disruptions to Microsoft’s customers’ businesses;
- Comprehensive security response process – employing a comprehensive security response process that helps Microsoft effectively manage security incidents while providing the predictability and transparency that customers need in order to minimize disruptions to their businesses.
It is impossible to completely prevent vulnerabilities from being introduced during the development of large-scale software projects. As long as human beings write software code, no software is perfect, and mistakes that lead to imperfections in software will be made. Some imperfections (“bugs”) simply prevent the software from functioning exactly as intended, but other bugs may present vulnerabilities. Not all vulnerabilities are equal; some vulnerabilities won’t be exploitable because specific mitigations prevent attackers from using them. Nevertheless, some percentage of the vulnerabilities that exist in a given piece of software are potentially exploitable.
Download: Software Vulnerability Management.