confidence metric

About this tag
The confidence metric is a Microsoft Security Response Center (MSRC) triage signal that indicates how certain Microsoft is that a vulnerability exists and how credible the publicly released technical details are. On WindowsForum.com, discussions reference this metric in the context of CVE-2026-26133 (Microsoft 365 Copilot information disclosure) and CVE-2026-20870 (Win32k kernel elevation of privilege). In both cases, the confidence metric helps defenders assess the reliability of vulnerability reports and prioritize responses when full technical details are sparse. The tag covers how Microsoft uses this internal confidence rating to communicate disclosure posture for Windows and Microsoft 365 security issues.
  1. CVE-2026-26133: Microsoft 365 Copilot Information Disclosure and the Confidence Signal

    Microsoft’s security tracking lists CVE-2026-26133 as an information‑disclosure defect affecting Microsoft 365 Copilot, but public technical detail is intentionally sparse and Microsoft’s own “confidence” metadata is the primary triage signal available to defenders right now. The entry in the...
  2. CVE-2026-20870: Win32k Kernel Elevation of Privilege and Patch Guidance

    Microsoft’s public advisory for CVE-2026-20870 describes a high‑impact elevation‑of‑privilege defect in the Windows Win32k kernel subsystem that can be triggered by a local, authenticated actor and that Microsoft treats with a measured disclosure posture using its published confidence metric...