Microsoft is helping define the importance of patches based on exploit likelihood. This might fit with a risk assessment but it is unlikely to really change the need for rapid patching. My question is does this really help you make a prioritization? I think that with the release of a patch these indexes might change rapidly and MS will have to adjust the index.
|Exploitability Index Assessment||Short Definition|
|1||Consistent exploit code likely|
|2||Inconsistent exploit code likely|
|3||Functioning exploit code unlikely|