July 27, 2012, 4:45 PM —
The well-known Patch Tuesday ritual almost exclusively targets Microsoft's most popular products -- Internet Explorer, Windows, Office and .NET Framework. What's not so well-known is the fact that Microsoft also leaves a portion of its known vulnerabilities unfixed.
Most of these unfixed flaws have been known about for years and Microsoft simply ignored them. The fact that they're out in the open (that is, on the Secunia Report and the like) increases their risk.
Here's a run-down of the most popular programs with unpatched flaws (both minor and major) as well as a quick evaluation of when this might affect either you or any one of your users.
Windows 7 SP1 is the most secure Windows version to date. Almost all of its known vulnerabilities couldn't be considered critical and can only be exploited when an untrusted user has physical access to the hardware. No wonder Microsoft never patched these issues. Here's the list:
These issues can only be exploited when a local user performs DoS attacks on the machine. But if he's got physical access, all is lost anyway.
There is, however, one issue that stands out from the relative harmless pack:
This flaw is considered "Highly Critical" as it allows code execution through the "dao360.dll" file (Data Access Objects library). For this flaw to be exploited, a user would have to be tricked into deliberately running a file, proving once again how important internal security briefings are -- especially for the novice worker in your company.