Microsoft Exploitability Index Changes - Securelist

Huh, apparently Microsoft has changed the metrics of its Exploitability Index.

Actually, it looks like they split the ratings between older products and newer ones.

Microsoft is making changes to its exploitability index to help clarify vulnerability issues in its software to its customers, keeping its program far ahead of other major vendors. Still, no system is perfect.
Microsoft's Security Response Center team has a steep uphill climb to conquer the mountain of vulnerability handling in their software that slowly but surely are publicly discovered, exploited and discussed. It is not an enviable task.
In just five days, the team will roll out a couple of changes. One change splits exploitability ratings for their newest product versions from all older releases. The two updates for the upcoming Patch Tuesday will also provide information for the bugs even if they do not provide remote code execution, and instead provide a surface for denial of service attacks.
This index is aimed at more technically minded individuals and organizations to help evaluate the urgency of installing available patches or shielding yet unpatched vulnerable applications and services. So, these changes are really used more by larger organizations with technical staff than by individual consumers. For consumers, generally the guidance is to auto-update and install the patches as soon as they are released. Microsoft has a massive, rigorous QA process for security patch compatibility and rollout issues, so that problems for individual consumers are minimized while lowering overall security risk. The first of the changes inevitably will quantify the benefit for organizations and consumers to maintain the latest versions of Microsoft products.

http://www.securelist.com/en/blog/11231/Microsoft_Exploitability_Index_Changes
