Summary: Stuxnet caused by flaws without patches to address them and some are still unresolved
BASED on a very recent report, Microsoft is worst at patching and Stuxnet is an issue we covered in [1, 2, 3, 4, 5, 6, 7]. Many large companies may be affected and lives are at stake. According to this, “Stuxnet attackers used 4 Windows zero-day exploits”:
The attackers behind the recent Stuxnet worm attack used four different zero-day security vulnerabilities to burrow into — and spread around — Microsoft’s Windows operating system, according to a startling disclosure from the world’s largest software maker.
Two of the four vulnerabilities are still unpatched.
Well, tell that to Microsoft. It loves blaming the victims for being negligent. It never blames itself for that [1, 2, 3], even when it’s clearly its own fault, e.g. with Internet Explorer [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. Two days ago we wrote about ASP.NET holes and reports about it have not stopped yet. Yesterday was Microsoft’s Patch Tuesday which Microsoft says addresses 13 vulnerabilities (although Microsoft hides more, so it’s probably over 13). One new article from Consumer Affairs has just made the claim that GNU/Linux is inherently more secure:
But improvements in the Windows operating system – and Apple and Linux’s long-standing built-in defenses – have some wondering if consumers still need to add an anti-virus program to their computers. The answer differs, depending on who you talk to.
Linux-based systems, however, tend to have a much higher level of built-in security, as most Web servers run on Linux.
Vista 7 has improved virtually nothing in terms of security and Microsoft lacks a plan for changing the high risk to Windows users. The least it could do is patch known flaws, but the company does not even do that. █