I am reviewing vulnerabilities for February and I am trying to understand the severity ratings on QID 124690 and 100274. QID 124690 is for the stand alone Adobe Flash Player and QID 100275 is for the embedded Adobe Flash Player in Windows 8.1, Server 2012 and newer which Microsoft updates directly. The CVEs listed for both vulnerabilities appear to be the same and typically, these two associated QID would carry the same severity rating. Why for the February set of vulnerabilities is the Adobe QID 124690 only rated as 3 (Serious) while the Microsoft QID 100275 is rating as 5 (Urgent). Am I missing something?