Additional Fixes in Microsoft Security Bulletins - Security Research & Defense - Site Home - TechNet Blogs

About silent fixes.

From time to time we receive questions regarding fixes not documented in security bulletins. Some call these “silent fixes.” We hope this blog post answers those questions and helps clarify Microsoft’s process in fixing and documenting all vulnerabilities and addressing internally discovered variants. It’s important to remember the following:
* As part of Microsoft’s comprehensive security update process, Microsoft will address variants of reported issues. Variants are internally found issues similar to the reported vulnerability, and are not documented in security bulletins.
* The overall severity of the bulletin will reflect the highest severity of any vulnerability fixed, whether it was an externally reported vulnerability or internally found variant. The same is also true for the Exploitability Index rating.
* The guidance Microsoft provides on bulletins and blogs takes into account all fixes done in a security update. For example, a workaround will mitigate the reported vulnerability as well as potential variants.

Additional Fixes in Microsoft Security Bulletins – Security Research & Defense
