Malcolm Bullock - Unified Communications

Malcolm Bullock is a Partner Technology Advisor focused upon Unified Communications in the UK. This blog will bring you news, views and How-To's on Microsoft Exchange and Lync, together with UC partner specific info. My personal blog at http://mbullock

Vista Vulnerability report published for Year 1

Vista Vulnerability report published for Year 1

  • Comments 5
  • Likes

Folks,
I thought you might be interested in this report that has just been issued compiling the first year's worth of security vulnerability's found in Windows Vista, and comparing Windows  XP and non-Microsoft OS's first year vulnerabilities.

The report can be found here but here are a few highlights:-

Metric

Windows Vista (year 1)

Windows XP (year 1)

Vulnerabilities fixed

36

65

Security Updates

17

30

Patch Events

9

26

Weeks with at least 1 Patch Event

9

25

These figures may be merely interesting until you consider the cost saving implications of reduced patches. A customer told me recently that each patch event costs them £30K, so this yr 1 reduction in patches would have delivered a direct  £480,000 per annum saving  to them running Vista over Windows XP!! Then there's the incalculable reduction in corporate risk from this reduction in vulnerabilities.

I won't comment but it's interesting to note the comparison to non-Microsoft operating systems. It certainly does fly in the face of some of the IT press reports that have surrounded Vista since it's launch.

Metric

Windows Vista (year 1)

Windows XP (year 1)

Red Hat rhel4ws reduced (year 1)

Ubuntu 6.06 LTS reduced (year 1)

Mac OS X 10.4 (year 1)

Vulnerabilities fixed

36

65

360

224

116

Security Updates

17

30

125

80

17

Patch Events

9

26

64

65

17

Weeks with at least 1 Patch Event

9

25

44

39

15


Technorati Tags: ,,
Comments
  • yes I believe MS is doing a great job of securing their new products but I don't like the comparisons to other products rhel has a higher number of total sec vulns but how many are remotely exploitable how many are elevation issues.. ? I'm not worried about local exploits cause if your on the box u own it anyway.  But like I said MS is still doing a great job, keep up the good work!

  • PingBack from http://mintywhite.com/tech/news/vista-vulnerability-report-published-for-year-1/

  • You shouldn't ignore local exploits - a seemingly innocuous elevation-of-privilege vulnerability can turn a remote access vulnerability into complete control of the machine.

    For example: would you rather have two hypothetical IIS vulnerabilities that let you execute code in the context of the IIS account (these would probably be marked "important" or "critical," or would you rather have one such vulnerability ("important"/"critical") and one local elevation-of-privilege vulnerability (probably would be marked as "low" or "important")?

    In the first case, the damage is non-trivial, but limited because the IIS account would have few privileges on its own.  In the second, you could piggyback the EoP on top of the remote vulnerability, and now you own the whole machine.

  • Diferença grande se comparado com o XP. Metric Windows Vista (1 year) Windows XP (1 year) Vulnerabilities

  • This isn't something that I would normally bother blogging on - and from the lack of recent posts you

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment