http://blogs.technet.com/mbullock/archive/2008/04/16/vista-vulnerability-report-published-for-year-1.aspxFolks, I thought you might be interested in this report that has just been issued compiling the first year's worth of security vulnerability's found in Windows Vista, and comparing Windows&#160; XP and non-Microsoft OS's first year vulnerabilities. Theen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.technet.com/mbullock/archive/2008/04/16/vista-vulnerability-report-published-for-year-1.aspx#3038202Thu, 17 Apr 2008 00:28:38 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3038202tony<p>yes I believe MS is doing a great job of securing their new products but I don't like the comparisons to other products rhel has a higher number of total sec vulns but how many are remotely exploitable how many are elevation issues.. ? I'm not worried about local exploits cause if your on the box u own it anyway. &nbsp;But like I said MS is still doing a great job, keep up the good work!</p>http://blogs.technet.com/mbullock/archive/2008/04/16/vista-vulnerability-report-published-for-year-1.aspx#3038385Thu, 17 Apr 2008 08:00:30 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3038385Vista Vulnerability report published for Year 1 | Windows Guides | Mintywhite.com<p>PingBack from <a rel="nofollow" target="_new" href="http://mintywhite.com/tech/news/vista-vulnerability-report-published-for-year-1/">http://mintywhite.com/tech/news/vista-vulnerability-report-published-for-year-1/</a></p> http://blogs.technet.com/mbullock/archive/2008/04/16/vista-vulnerability-report-published-for-year-1.aspx#3038574Thu, 17 Apr 2008 15:07:31 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3038574Mark Sowul<p>You shouldn't ignore local exploits - a seemingly innocuous elevation-of-privilege vulnerability can turn a remote access vulnerability into complete control of the machine.</p> <p>For example: would you rather have two hypothetical IIS vulnerabilities that let you execute code in the context of the IIS account (these would probably be marked &quot;important&quot; or &quot;critical,&quot; or would you rather have one such vulnerability (&quot;important&quot;/&quot;critical&quot;) and one local elevation-of-privilege vulnerability (probably would be marked as &quot;low&quot; or &quot;important&quot;)?</p> <p>In the first case, the damage is non-trivial, but limited because the IIS account would have few privileges on its own. &nbsp;In the second, you could piggyback the EoP on top of the remote vulnerability, and now you own the whole machine.</p>http://blogs.technet.com/mbullock/archive/2008/04/16/vista-vulnerability-report-published-for-year-1.aspx#3038706Thu, 17 Apr 2008 17:46:34 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3038706Inside Microsoft<p>Diferen&#231;a grande se comparado com o XP. Metric Windows Vista (1 year) Windows XP (1 year) Vulnerabilities</p> http://blogs.technet.com/mbullock/archive/2008/04/16/vista-vulnerability-report-published-for-year-1.aspx#3170898Thu, 18 Dec 2008 20:16:06 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3170898Malcolm Bullock - Optimising Infrastructure for business benefit<p>This isn't something that I would normally bother blogging on - and from the lack of recent posts you</p>