Microsoft Vulnerability Research Advisories

Frequently Asked Questions

Q.<p>What kind of information do MSVR advisories contain?</p>

A.<p>MSVR advisories contain a top-level summary that states the reason for issuing the advisory, frequently asked questions, and suggested actions. MSVR advisories may be revised as required to reflect new information or guidance.</p>

Q.<p>What are the specific criteria that Microsoft uses to determine whether a security advisory is required?</p>

A.<p>Our goal is to issue MSVR advisories for security vulnerabilities after we have disclosed them to the affected vendors, so that the vendors could develop remediation. Customers could then use this remediation to help protect themselves.</p>

Q.<p>Could an MSVR advisory become a security bulletin?</p>

A.<p>No. An MSVR advisory pertains to security vulnerabilities in third-party products or services. A Microsoft security bulletin pertains to security vulnerabilities in Microsoft software.</p>

Q.<p>Why aren't you including information about MSVR advisories in the Microsoft Security Bulletin Advance Notification?</p>

A.<p>The <a href="http://www.microsoft.com/technet/security/bulletin/advance.mspx"> Microsoft Security Bulletin Advance Notification</a> is about security bulletins that Microsoft is intending to release, and is therefore about vulnerabilities in Microsoft software and their remediation. MSVR advisories, in contrast, are about third-party products and services.</p>

Q.<p>How will customers know when there is a call to action associated with these MSVR advisories?</p>

A.<p>The MSVR advisory has a <strong>Suggested Actions</strong> section for describing any action that users may have to take to help protect themselves.</p>