Critical is a severity label used for vulnerabilities that can cause severe security impact, such as remote code execution, privilege escalation, data theft, or full system compromise. In Microsoft’s scoring, it is the highest severity tier and usually means the flaw can be exploited in a way that directly threatens confidentiality, integrity, or availability.
This label matters because it drives triage. Security teams use it to prioritize patching, exposure review, and mitigation on internet-facing services, identity systems, and other high-trust assets. In real attacks, a Critical issue may be weaponized quickly if attackers can reach the vulnerable component before defenders apply a fix. In defense, Critical does not automatically mean every system is equally urgent; teams still check whether the vulnerable feature is installed, reachable, and exposed in their environment.



