Microsoft is helping define the importance of patches based on exploit likelihood. This might fit with a risk assessment but it is unlikely to really change the need for rapid patching. My question is does this really help you make a prioritization? I think that with the release of a patch these indexes might change rapidly and MS will have to adjust the index.
| Exploitability Index Assessment | Short Definition |
| 1 | Consistent exploit code likely |
| 2 | Inconsistent exploit code likely |
| 3 | Functioning exploit code unlikely |
Exploitability Index | Prioritize Deployment of Security Updates.