Microsoft’s unpatched security bugs



George Ou at ZDnet is mystified (as many of us are) at why Microsoft can’t patch ALL their security vulnerabilities. Most of the unpatched vulnerabilities are considered minor (as was the 6 month old bug that in the last week was discovered could be exploited for more than a Denial of Service…) His point is, if small companies (even open source groups) can patch ALL security bugs big and small, then why can’t Microsoft with it’s legions of coders?


This is one of those sore points for me with regards to Microsoft. Given their vast resources (money and programmers) I don’t see why they would let a security bug sit for months or even years. This is one of the things that has given me greater respect for open source projects, seeing bugs patched with reasonable speed and thoroughness. (How Microsoft can claim that they’re average disclosure-patch time is less than comparable open source software is beyond me. I saw one claim a while back of within 24 hours…. that must be from when they disclose it (announced at the same time as patches)).

To be fair, I think there are some unpatched Firefox vulnerabilities at the moment, but once again I invite visitors to go to the secunia page for both products….

firefox 1.x 3 unpatched.
Internet Explorer 6.x 21 unpatched.
Opera 8.x 1 unpatched.

(and the Opera vulnerability is 12 days old…)

I would invite folks to try out either Opera or…

For that matter though, I would like to see Firefox deal with the unpatched vulnerabilities.

However, Microsoft makes more than a web browser and in his post he lists each of the unpatched XP vulnerabilities. His hope is to hear an ETA from Microsoft on a fix…. good luck with that one.

Related Posts

Blog Traffic Exchange Related Posts
  • Microsofts Linux Lab manager answers questions on slashdot A few days back I mentioned that slashdot was posing questions to Bill Hilf, the manager of Microsoft's Linux lab. Today his responses are being posted. Among the more interesting points, in general his role is helping Microsoft have a better understanding of Open Source software. They do report bugs......
  • What is Open Source Open source denotes that the origins of a product are publicly accessible in part or in whole. See Open source (disambiguation) for related topics and other meanings. This article focuses on open source as a modern or commonly used allusion to any open-source software (OSS) where its source code, its......
  • Open Source Java and Linux distros redistributing java For years, the call has been to open source Java.... it appears that day is, well... coming. Not at hand yet, but for startersJava can now be bundled with Linux distributions.... and is looking for advice on how to get from where they are to open source Java. So it......
Blog Traffic Exchange Related Websites
  • Microsoft Security Advisory (2286198): Vulnerability in Windows Shell Could Allow Remote Code Execution Vulnerability in Windows Shell Could Allow Remote Code Execution Published: July 16, 2010 Version: 1.0 General Information Executive Summary Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows. This advisory contains information about which versions of Windows are vulnerable as......
  • Make Cross-Domain AJAX Requests with xdRequest xdRequest is an open-source JavaScript library that I've developed for making cross-domain AJAX requests. In this day and age, with web browsers becoming very fast and powerful, it has become quite possible to build web applications with much of the work performed by the client. xdRequest makes it possible to......
  • Microsoft Security Bulletin Summary for July 2010 MS10-042 - Vulnerability in Help and SupportCenter Could Allow Remote Code Execution (2229593) "This security update resolves a publicly disclosed vulnerability in the Windows Help and Support Center feature that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site