Monthly OS Security scorecard: MARCH 2007
As promised, here is the roundup for March 2007 following the same principles and Operating Systems as in the original article EXCEPT that we added Windows Vista now.
Overall there hasn’t been much going on this month, EXCEPT, a couple of days ago, the Windows animated cursor flaw. Granted, the vulnerabilities and fixes were a bit off, since Microsoft has Patch Tuesday (and 0day Wednesday :)). But still, if something shows up as EXTREMELY critical, it might be good to put some sort of patch out right away.
Without further delay, the amount of advisories coming for each Operating System:
Looks like Ubuntu, as we saw in the past, takes the lead with the amount of advisories. What beats me is that the amount differs so much between RedHat and Ubuntu. They are bundling much of the same software, so why does RedHat have much fewer advisories? FreeBSD, however, takes a clear win for NO advisories found! Well done FreeBSD!
Next up the patches that have been released by each vendor:
Here Ubuntu, RedHat, Mac OS X and OpenBSD all shine since they all have patches available for ALL advisories. The Windows versions however have unpatched advisories and for the less critical vulnerability, there is a Partial Fix available. Let’s see how they will do in April on Patch Tuesday.
Finally the criticality of these Advisories:
Suffice to say, the Windows versions are the only ones who got an EXTREMELY critical advisory. But that does not mean the others are off the hook. All of the *nices had HIGH advisories with Ubuntu having 4! Thank god patches are available already for them.
A complete overview for this month, per OS, can be found on Secunia directly by clicking on these links:
- Windows XP advisories
- RedHat Enterprise 4 advisories
- Windows Vista advisories
- OpenBSD 4.0 advisories
- FreeBSD 6.X advisories
- Mac OS X 10.4 advisories
- Windows 2003 Server Standard Edition advisories
- Ubuntu Linux 6.06 advisories
Conclusion:
The clear winner is FreeBSD, of course, followed by OpenBSD and Mac OS X, which both had 1 Advisory. With OpenBSD, however, I believe this to be exceptional and I am looking forward to April. Until then, enjoy!
Well, meaningless stuff but looks interesting anyways.