The new programs, announced at Black Hat, also provide additional information and guidance to help customers evaluate risks and prioritize the deployment of Microsoft security updates.
Along with the predictability of Microsoft’s monthly security update process is the emergence of an undesirable cycle - the release of exploit code, related to those updates, sometimes within hours of release. Understanding this changing threat environment, Microsoft has conceived the Microsoft Active Protections Program (MAPP), which gives security software providers advance information about vulnerabilities addressed by Microsoft security updates.
This will allow security software providers to offer protections to customers quickly and effectively.
In addition, as part of the company’s ongoing effort to improve its guidance for customers, Microsoft announced its new Exploitability Index, which will provide customers with guidance on the likelihood of functional exploits being developed for vulnerabilities addressed by Microsoft security updates.
This additional information helps customers better assess their unique risks and better prioritize deployment of the monthly security update. The Exploitability Index will be included as part of Microsoft’s monthly security bulletin release.
“The introduction of these new programs helps address evolving online threats and provides more practical guidance to assess and manage risk,” said Andrew Cushman, director of security response and outreach at Microsoft.
“In the race between exploit and protection, Microsoft is committed to shifting the advantage to the security industry. The Microsoft Active Protections Program gives security software providers the information and resources they need to help better protect customers.”