8 long-forgotten Microsoft vulnerabilities

Microsoft has ignored these vulnerabilities. That doesn't mean you should.

The well-known Patch Tuesday ritual almost exclusively targets Microsoft's most popular products -- Internet Explorer, Windows, Office and .NET Framework. What's not so well-known is the fact that Microsoft also leaves a portion of its known vulnerabilities unfixed.

Most of these unfixed flaws have been known for years, and Microsoft has simply ignored them. The fact that they're out in the open (that is, on the Secunia Report and the like) increases the risk they pose.

Here's a run-down of the most popular programs with unpatched flaws (both minor and major) as well as a quick evaluation of when this might affect either you or any one of your users.

Windows 7

Windows 7 SP1 is the most secure Windows version to date. Almost all of its known vulnerabilities couldn't be considered critical and can only be exploited when an untrusted user has physical access to the hardware. No wonder Microsoft never patched these issues. Here's the list:

These issues can only be exploited when a local user performs DoS attacks on the machine. But if he's got physical access, all is lost anyway.

There is, however, one issue that stands out from the relatively harmless pack:

This flaw is considered "Highly Critical" as it allows code execution through the "dao360.dll" file (Data Access Objects library). For this flaw to be exploited, a user would have to be tricked into deliberately running a file, proving once again how important internal security briefings are -- especially for the novice worker in your company.
