Windows Vulnerabilities, Just as Severe in Vista

As in Windows XP

By Marius Oiaga, Technology News Editor

12th of March 2007, 13:38 GMT

Windows Vista will not affect the severity rating of Windows vulnerabilities in any way. Microsoft catalogs security vulnerabilities across its software products according to a rating that quantifies the potential damage a successful exploit would inflict. Currently, Microsoft's severity rating system has four levels: Critical, Important, Moderate and Low.

According to Microsoft, critical vulnerabilities allow the propagation of an Internet worm with zero user action and also deliver the most consistent impact. The exploitation of important flaws could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources. Default configuration, auditing, or difficulty of exploitation are the criteria specific to moderate vulnerabilities. Finally, vulnerabilities that are difficult to exploit and have little impact receive a rating of Low.

The availability of Microsoft's most secure Windows operating system at the end of January will have no effect on the severity rating system, even though the system was conceived back in November 2002. But the issue is larger than Windows Vista. The fact of the matter is that Vista's enhanced security will not diminish in any way the rating of a vulnerability.

"The MSRC rarely reduces the severity of a buffer-related security bug because a defense with no security guarantees such as /GS or /SafeSEH is in place. UAC will be a speed bump, but I doubt we would reduce the severity of many bulletins if UAC is the sole mitigation. The MSRC folks are, understandably, very conservative and would rather err on the side of people deploying updates rather than trying to downgrade bug severity," explained Michael Howard, Microsoft Senior Security Program Manager.

What does this mean? To put it simply, if Windows Vista and Windows XP share a vulnerability, it will have the same severity rating in both operating systems, even though Windows Vista delivers additional security compared to XP. "So don't be surprised if you see a bug that's, say, Important on Windows XP and Important on Windows Vista, even if Windows Vista has a few more defenses and mitigations in place," Howard added. The only difference will be in the reports of the Microsoft Security Response Center.

© Copyright 2001-2008 Softpedia