Microsoft’s unpatched security bugs



George Ou at ZDnet is mystified (as many of us are) at why Microsoft can’t patch ALL their security vulnerabilities. Most of the unpatched vulnerabilities are considered minor (as was the 6-month-old bug that in the last week was discovered could be exploited for more than a Denial of Service…). His point is, if small companies (even open source groups) can patch ALL security bugs big and small, then why can’t Microsoft with its legions of coders?


This is one of those sore points for me with regard to Microsoft. Given their vast resources (money and programmers) I don’t see why they would let a security bug sit for months or even years. This is one of the things that has given me greater respect for open source projects, seeing bugs patched with reasonable speed and thoroughness. (How Microsoft can claim that their average disclosure-patch time is less than comparable open source software is beyond me. I saw one claim a while back of within 24 hours…. that must be from when they disclose it (announced at the same time as patches)).

To be fair, I think there are some unpatched Firefox vulnerabilities at the moment, but once again I invite visitors to go to the Secunia page for both products….

Firefox 1.x: 3 unpatched.
Internet Explorer 6.x: 21 unpatched.
Opera 8.x: 1 unpatched.

(and the Opera vulnerability is 12 days old…)

I would invite folks to try out either Opera or…

For that matter though, I would like to see Firefox deal with the unpatched vulnerabilities.

However, Microsoft makes more than a web browser and in his post he lists each of the unpatched XP vulnerabilities. His hope is to hear an ETA from Microsoft on a fix…. good luck with that one.
