I recently took over managing our WSUS server and was curious about one class of security update. These are the security updates that are not associated with MS security bulletins. These unassociated update have an MSRC Severity rating of unspecified, and TechNet defines that as “the issue does not have a severity rating”. Makes sense in a very unhelpful sort of way.
Does that severity mean they are highly unlikely to be exploited and not all that important? I was curious of anyone had better information on how important those updates with the unspecified severity really are?