June 22, 2007 (IDG News Service) — A Microsoft Corp. security executive released data Thursday showing that, six months after shipping Windows Vista, his company has left more publicly disclosed Vista bugs unpatched than it did with Windows XP.
In total, Microsoft has patched 12 out of 27 disclosed Vista vulnerabilities in the six months after it first shipped last November. During XP’s first six months, Microsoft’s security team patched 36 out of 39 known bugs.
The data was published by Jeff Jones, a Microsoft security strategy director, who said that overall, Vista was doing better than XP. “Windows Vista continues to show a trend of fewer total and fewer high-severity vulnerabilities at the six month mark compared to its predecessor product, Windows XP,” he wrote.
Jones didn’t address the larger number of unpatched vulnerabilities, but he did note most of the unpatched Vista bugs were not critical. Microsoft had left only one high-severity Vista vulnerability unpatched during the period. At the end of XP’s first six months, there were two high-severity bugs that were unpatched.
Microsoft patched 23 high-severity XP bugs during its first six months, compared with only one high-severity Vista flaw.
Jones argued that Vista had a lower number of vulnerabilities than competitive operating system products such as Red Hat Enterprise Linux and Mac OS X.
It is not really surprising to hear that Microsoft does poorly when it comes to patching Vista, since they’re still patching XP, which has more users than Vista. It is, however, bothersome to know that a high-severity Vista vulnerability remains unpatched. This just goes to show how little priority MS gives to its Vista users.
While I agree that Microsoft did a good job in implementing the security for Vista, I think we will see how well (or how poorly) they did once it becomes as popular as XP, thereby attracting more hackers. Hardware is getting cheaper by the day, and we might see Vista replacing XP soon. Then, we’ll see what happens.