Microsoft has provided a closer look at the security servicing criteria that the company is using to decide whether a certain bug in its products are getting fixes or not and how fast this happens after a report is submitted.

The software giant says that there are two questions asked whenever vulnerabilities are reported. “Does the vulnerability violate a promise made by a security boundary or a security feature that Microsoft has committed to defending? Does the severity of the vulnerability meet the bar for servicing?”

Based on these two questions, the company’s security researchers can decide on what to do next and if a fix is being developed and pushed to systems as soon as possible or simply considered for the next release cycle, typically Patch Tuesday.

“If the answer to both questions is yes, then the vulnerability will be addressed through…