The risk matrices provide information to help customers assess the risk posed by the security vulnerabilities in their specific environment. They can be used to identify the systems most at risk so they can be patched first. Each new security vulnerability fixed in a Critical Patch Update is listed in a row of the risk matrix for the product it affects.