You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
msrc guidance
About this tag
The msrc guidance tag covers Microsoft Security Response Center (MSRC) terminology and how Microsoft classifies vulnerabilities in CVE titles. A recurring theme is the distinction between a CVE title's impact class, such as Remote Code Execution, and the CVSS attack vector, which may indicate local exploitation. The tag explains that MSRC labels describe what an attacker can achieve, while CVSS details how the attack occurs. This helps users interpret Microsoft security advisories accurately, especially when titles seem to conflict with CVSS metrics. The content focuses on clarifying MSRC naming conventions for better understanding of vulnerability severity and exploitation context.
The short answer is that “Remote Code Execution” in Microsoft’s CVE title describes the impact class, not necessarily the CVSS attack vector. Microsoft’s own guidance and long-standing MSRC usage show that a vulnerability can be labeled RCE even when exploitation requires local user interaction...