Starting this month, Microsoft will be providing exploitability information about their patches to everyone.

The Microsoft Exploitability Index is designed to provide additional information to help customers better prioritize the deployment of Microsoft security updates. This index provides customers with guidance on the likelihood of functioning exploit code being developed for vulnerabilities addressed by Microsoft security updates.

The Exploitability Index uses one of three values to communicate to customers the likelihood of functioning exploit code, based on vulnerabilities addressed by Microsoft security bulletins:

  • 1 – Consistent Exploit Code Likely
  • 2 – Inconsistent Exploit Code Likely
  • 3 – Functioning Exploit Code Unlikely

You can see the new exploitability index on the Microsoft Security Bulletin Summary for October 2008 page.