Kurt Shintaku's Blog

The score so far:

Windows XP Service Pack 2:  20        Windows Vista: 3

These numbers represent the number of patches released for security vulnerabilities in these two supported Windows operating systems since the release of Windows Vista on November 8th, 2006 6 months ago.  Hence, much like golf, the lower the score – the better.

For the curious, the three patches for security vulnerabilities on Windows Vista were:

• April 4th, 2007:  Vulnerabilities in GDI Could Allow Remote Code Execution
• April 10th, 2007: Vulnerability in Windows CSRSS could allow remote code execution
• May 8th, 2007:  Cumulative Security Update for Internet Explorer (931768)

In contrast, here’s a list of the patches for security vulnerabilities on Windows XP Service Pack 2 in the same time frame:

• November 2006:  Vulnerability in Workstation Service Could Allow Remote Code Execution (924270)
• November 2006:  Cumulative Security Update for Internet Explorer (922760)
• December 2006:  Cumulative Security Update for Internet Explorer (925454)
• December 2006:  Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)
• December 2006:  Vulnerability in Windows Could Allow Elevation of Privilege (926255)
• December 2006:  Vulnerability in SNMP Could Allow Remote Code Execution (926247)
• January 2007:  Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969)
• February 2007:  Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843)
• February 2007:  Cumulative Security Update for Internet Explorer (928090)
• February 2007:  Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255)
• February 2007:  Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802)
• February 2007:  Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436)
• February 2007:  Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667)
• February 2007:  Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118)
• April 2007:  Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
• April 2007:  Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261)
• April 2007:  Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168)
• April 2007:  Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)
• April 2007:  Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784)
• May 2007:  Cumulative Security Update for Internet Explorer (931768)

Hopefully this should help eliminate any doubt as to the value of Windows Vista when it comes to ensuring workstation security & saving the costs of administrative labor & reporting involved in successfully rolling out patches to either a corporate infrastructure… or just for your Mom’s Windows PC.