Severity Level Description
Security Bulletins are classified by severity level according to the impact of the security vulnerability, availability of patch and the current status of exploits in the real world.
Less Critical
Typically used by security vulnerabilities which are not remotely exploitable, or not leading to system compromise or requiring user interaction.
Note: This level is for reference only. HKCERT focuses on medium to high severity warnings so does not publish security bulletin of this level.
Moderately Critical
Typically used for remotely exploitable elevation of privilege or denial of service vulnerabilities against common server services like HTTP and SMTP, and for vulnerabilities that allow system compromises but require user interaction.
Highly Critical
Typically used for remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction but there are not exploits in the wild at the time of disclosure, or moderately propagating malware exists. Such vulnerabilities may exist in common server services like HTTP and SMTP or in client systems like email programs or browsers.
Extremely Critical
Typically used for remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction. Exploits are in the wild or massive propagating malware exists. Such vulnerabilities may exist in common server services like HTTP and SMTP or in client systems like email programs or browsers.