8 long-forgotten Microsoft vulnerabilities
Microsoft has ignored these vulnerabilities. That doesn't mean you should.
The well-known Patch Tuesday ritual almost exclusively targets Microsoft's most popular products -- Internet Explorer, Windows, Office and .NET Framework. What's not so well-known is the fact that Microsoft also leaves a portion of its known vulnerabilities unfixed.
Most of these unfixed flaws have been known about for years and Microsoft simply ignored them. The fact that they're out in the open (that is, on the Secunia Report and the like) increases their risk.
Here's a run-down of the most popular programs with unpatched flaws (both minor and major) as well as a quick evaluation of when this might affect either you or any one of your users.
Windows 7 SP1 is the most secure Windows version to date. Almost all of its known vulnerabilities couldn't be considered critical and can only be exploited when an untrusted user has physical access to the hardware. No wonder Microsoft never patched these issues. Here's the list:
These issues can only be exploited when a local user performs DoS attacks on the machine. But if he's got physical access, all is lost anyway.
There is, however, one issue that stands out from the relatively harmless pack:
This flaw is considered "Highly Critical" as it allows code execution through the "dao360.dll" file (Data Access Objects library). For this flaw to be exploited, a user would have to be tricked into deliberately running a file, proving once again how important internal security briefings are -- especially for the novice worker in your company.
Despite being the older and generally more insecure OS, the landscape of Windows XP isn't that much different from Windows 7, but that will change soon, as XP is nearing the end of its life: "After April 8, 2014, there will be no new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates."
Of all the currently known and public vulnerabilities, only the one also affecting Windows 7 (Microsoft Windows DAO 3.6 Object Library Insecure Library Loading Vulnerability) could be seen as critical -- and only in the very rare case when a user deliberately opens an unknown file with injected code.
There's also a mildly critical vulnerability, reported by Acrossecurity, that targets certain applications (specifically iTunes or Safari) in which a user could be lured into opening a file via WebDAV or a network share. Again, highly unlikely, but easily fixable with these steps from Microsoft.
Luigi Auriemma discovered a bug in DirectX 9.0x (more specifically, the DirectPlay 8 component) that can be used by malicious software to cause games to freeze and/or the server to stop responding. Good news: Only the DX9 version for Windows XP SP3 and Windows Server 2003 is affected; all other DX versions (10+11) are not.
PowerPoint 2000, 2002 and 2003
Is your office still running PowerPoint 2003 (or earlier)? Better be careful when opening files online or from any sources you don't know. When closing or saving a .PPT file, PowerPoint executes specific parts of that file. This could be used to a) crash the application or b) execute remote code. Solution: Upgrade to Office 2007 or (if that's not possible or wanted) don't open any unknown .PPT files.
Outlook 2000 and 2003
I don't want to know how many smaller offices are still running good old Outlook 2003 on their systems. This unfixed vulnerability can be exploited if the user forwards an email that includes an unclosed "<OBJECT>" tag (which in turn is followed by the malicious code).
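A mail-gateway style check for the condition described above, as an added example that is not from the original article or from Microsoft: it parses the HTML parts of a message and reports any "<OBJECT>" tag that is never closed. The function names and sample messages are constructed for illustration, and an unclosed tag is only a heuristic signal, since malformed HTML also occurs in legitimate mail.

```python
import email
from email import policy
from html.parser import HTMLParser


class ObjectTagCounter(HTMLParser):
    """Tracks <object> elements that are opened but never closed."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.depth = 0  # <object> elements currently open

    def handle_starttag(self, tag, attrs):
        if tag == "object":  # HTMLParser lowercases tag names
            self.depth += 1

    def handle_endtag(self, tag):
        if tag == "object" and self.depth:
            self.depth -= 1


def unclosed_object_tags(html):
    """Return the number of <object> tags still open at end of input."""
    parser = ObjectTagCounter()
    parser.feed(html)
    parser.close()
    return parser.depth


def flag_message(raw_bytes):
    """Return one unclosed-tag count per HTML part that has any."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    counts = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            n = unclosed_object_tags(part.get_content())
            if n:
                counts.append(n)
    return counts


# Constructed sample messages (not real mail).
HEADERS = (b"From: a@example.com\r\nTo: b@example.com\r\nSubject: sample\r\n"
           b"MIME-Version: 1.0\r\nContent-Type: text/html; charset=utf-8\r\n\r\n")
SAMPLE_SUSPECT = HEADERS + b"<html><body><p>hi</p><OBJECT><p>rest</p></body></html>\r\n"
SAMPLE_CLEAN = HEADERS + b"<html><body><object data='a.svg'></object></body></html>\r\n"

if __name__ == "__main__":
    for name, raw in (("suspect", SAMPLE_SUSPECT), ("clean", SAMPLE_CLEAN)):
        print(name, flag_message(raw))
```

Messages flagged this way can be quarantined or delivered as plain text on systems that still run the affected Outlook versions.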
Internet Explorer 9
Despite its bad reputation with earlier versions, IE has become quite a secure browser. Currently, there's only one vulnerability that can, in certain scenarios, be exploited to determine which websites you've visited. This rather old trick involves a non-destructive extraction of browsing history by observing cache timings. An attacker could theoretically find out which websites you've visited recently. The only "protection" is to enable InPrivate Browsing in IE and clear the cache to prevent a website from knowing what sites you've visited recently.
Internet Explorer 8
IE8 has a lot of vulnerabilities, yet most of them require the execution of an unknown file. There's also a little bug that includes the first 63 bytes of a file path when saving HTML websites to a PDF file. This could lead to users reading out system information, such as the user name. This is something you may want to keep an eye on when saving files in IE.
Both PowerPoint and Excel 2007 suffer from a vulnerability that can be exploited using a specifically crafted file to run malicious code. Again, this security hole can only affect users who open files blindly from unknown sources. Microsoft has known about this issue since February 2011.
It's very clear why Microsoft hasn't resolved most of these issues: Rapidly decreasing usage. Add to that the fact that many exploits can only be targeted when a user opens malicious files blindly or leaves his/her PC unattended. Sorry, no business case here, move along.
But overall the landscape of Microsoft's known and unpatched vulnerabilities is good. There are almost no highly critical and widely exploitable flaws in any product that's still officially supported by the company.