Today we officially launched our MAPP program (http://www.microsoft.com/security/msrc/mapp/partners.mspx) and at the same time we also started providing exploitability information about our vulnerabilities to the world. These two things are pretty huge. The idea behind the exploitability index is to help customers understand which updates they should deploy immediately vs. which ones we don’t think are as likely to be epxloited or exploited reliably (trivia: Did you know that only about 30% of all of our vulns ever have exploit code written for them?).
You can see the exploitability index for the October release here: http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx
Here’s the breakout of the numbering system used for the exploitability index – it uses 3 numbers – simple – like me: http://technet.microsoft.com/en-us/security/cc998259.aspx
Code monkey very simple man.