21 December 2006

Does Microsoft really take security seriously?

I've been wondering about the above question for a while now, and I really can't wait to sit face to face with an MS security person next month and ask them that exact question. It seems of late that all of their effort has been going into releasing Vista, and well, even that isn't exactly secure, is it? There are already a couple of 0-days floating around the net for Vista. Now, I'm sure that no company in their right mind would have rolled Vista out onto their production networks yet (well, aside from MS anyway), but this is still a major threat. The folks over at SANS have updated their list of MS vulnerabilities that have still not been patched, and these are known to be getting exploited. The oldest of these goes back to the 19th of July this year; that's over six months old! This really makes me wonder what the hell they are playing at. MS has a lot more money than any security researchers/hackers do, and if the vulnerabilities can be found, they can be patched. So I would really like to know why these are taking so damn long. In total, SANS have 9 vulnerabilities listed; I seem to think that there may be a couple more on top of that as well! The list of vulnerabilities can be found here. So what are everyone else's views on this situation?

