Are you fully up to date with all your Windows patches?

This topic is closed.
    Here is a list of UNPATCHED Windows vulnerabilities (from a posting to Jason Perlow's announcement that he is removing Windows from all of his computers):
    Source: http://www.vupen.com/english/Unpatched-Microsoft-Vulnerabilities.php

    Here's a list of all the Windows vulnerabilities for which no patches have been issued.

    The ones in red are critical. There are too many orange and yellow ones to mark.

    04.02.2010 : Microsoft Internet Explorer Information Disclosure Vulnerability
    24.12.2009 : Microsoft IIS File Extension Processing Security Bypass Vulnerability
    25.03.2009 : Microsoft Windows GDI+ "GPFont::SetData()" Denial of Service Vulnerability
    09.10.2008 : Microsoft Windows Kernel Local Integer Overflow Vulnerability
    27.06.2008 : Microsoft Internet Explorer Frame Cross-Domain Scripting Vulnerability
    14.05.2008 : Microsoft Internet Explorer Printing Cross-Zone Scripting Vulnerability
    13.05.2008 : Microsoft Internet Explorer DisableCachingOfSSLPages Weakness
    21.01.2008 : Microsoft Visual Basic DSR File Processing Buffer Overflow Vulnerabilities
    04.12.2007 : Microsoft Web Proxy Auto-Discovery Information Disclosure Vulnerability
    18.09.2007 : Microsoft Windows CFileFind Class "FindFile()" Buffer Overflow Vulnerability
    13.08.2007 : Microsoft DirectX Media SDK "SourceUrl" Remote Buffer Overflow Vulnerability
    06.06.2007 : Microsoft Windows GDI+ Library ICO Header Handling Denial of Service Vulnerability
    30.03.2007 : Microsoft Windows Vista ATI Radeon Kernel Mode Driver Denial of Service Vulnerability
    27.03.2007 : Microsoft Windows Web Proxy Automatic Discovery (WPAD) Traffic Routing Vulnerability
    20.03.2007 : Microsoft Windows "Ndistapi.sys" Device Driver Local Denial of Service Vulnerability
    15.03.2007 : Microsoft Internet Explorer "navcancl.htm" Cross Site Scripting and Phishing Vulnerability
    26.02.2007 : Microsoft Internet Explorer UTF-7 Charset Inheritance Cross-Site Scripting Vulnerability
    23.02.2007 : Microsoft Windows "ReadDirectoryChangesW()" Information Disclosure Weakness
    31.01.2007 : Microsoft Windows Mobile Internet Explorer and Pictures and Videos Denial of Service
    23.01.2007 : Microsoft Visual Studio Resource File Handling Client-Side Buffer Overflow Vulnerability
    26.12.2006 : Microsoft Windows Workstation Service "NetrWkstaUserEnum()" Denial of Service Issue
    17.12.2006 : Microsoft Windows Media Player MIDI File Format Handling Denial of Service Vulnerability
    17.12.2006 : Microsoft Project Server 2003 "pdsrequest.asp" File Information Disclosure Vulnerability
    02.12.2006 : Microsoft Windows Print Spooler Service "GetPrinterData" Denial of Service Vulnerability
    30.10.2006 : Microsoft Windows NAT Helper Components DNS Denial of Service Vulnerability
    13.10.2006 : Microsoft PowerPoint Invalid Container Object Client-Side Denial of Service Vulnerability
    07.08.2006 : Microsoft Windows GDI Library WMF Image Handling Remote Denial of Service Vulnerability
    02.08.2006 : Microsoft Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability
    02.08.2006 : Microsoft Windows GDI Plus Library Image Handling Remote Denial of Service Vulnerability
    25.07.2006 : Microsoft Internet Explorer Native Function Iteration Client-Side Denial of Service Vulnerability
    25.07.2006 : Microsoft Internet Explorer Forms ListBox and ComboBox Denial of Service Vulnerability
    25.07.2006 : Microsoft Internet Explorer "ASFSourceMediaDescription" Denial of Service Vulnerability
    25.07.2006 : Microsoft Internet Explorer HTML Help Control "HHCtrl.ocx" Denial of Service Vulnerability
    21.07.2006 : Microsoft Internet Explorer "Content-Type" Header Handling Denial of Service Vulnerability
    21.07.2006 : Microsoft Internet Explorer CEnroll Object Handling Remote Denial of Service Vulnerability
    21.07.2006 : Microsoft Internet Explorer Outlook View Control Client-Side Denial of Service Vulnerability
    19.07.2006 : Microsoft Internet Explorer Office Web Components Remote Denial of Service Vulnerability
    17.07.2006 : Microsoft Internet Explorer DirectX Image Transform Object Denial of Service Vulnerability
    17.07.2006 : Microsoft Internet Explorer "MHTMLFile" Object Client-Side Denial of Service Vulnerability
    15.07.2006 : Microsoft PowerPoint Presentation Handling Multiple Memory Corruption and DoS Vulnerabilities
    15.07.2006 : Microsoft Internet Explorer "FolderItem" Object Access Remote Denial of Service Vulnerability
    15.07.2006 : Microsoft Works File Handling Multiple Client-Side Memory Corruption and DoS Vulnerabilities
    13.07.2006 : Microsoft Internet Explorer DirectX Image Transform Object Denial of Service Vulnerability
    12.07.2006 : Microsoft Internet Explorer "TriEditDocument" Object Remote Denial of Service Vulnerability
    11.07.2006 : Microsoft Internet Explorer HTML Editing Component Denial of Service Vulnerability
    10.07.2006 : Microsoft Internet Explorer DirectX Transform Control Denial of Service Vulnerability
    09.07.2006 : Microsoft Office Object Library "LsCreateLine()" Improper Memory Access Vulnerability
    09.07.2006 : Microsoft Internet Explorer "DirectAnimation" Control Denial of Service Vulnerability
    09.07.2006 : Microsoft Internet Explorer Remote Data Service Object Denial of Service Vulnerability
    07.07.2006 : Microsoft Internet Explorer "appendChild()" Client-Side Denial of Service Vulnerability
    06.07.2006 : Microsoft Internet Explorer Structured Graphics Control Denial of Service Vulnerability
    03.07.2006 : Microsoft Internet Explorer Data Access ActiveX Remote Denial of Service Vulnerability
    06.06.2006 : Microsoft Internet Explorer Keystroke Events Handling Arbitrary File Upload Issue
    10.05.2006 : Microsoft Windows Infotech Storage System Library Heap Corruption Vulnerability
    27.04.2006 : Microsoft Internet Explorer ActiveX Control Dialog Box Security Bypass Vulnerability
    27.04.2006 : Microsoft Products "mhtml" Cross Domain Information Disclosure Vulnerability
    26.04.2006 : Microsoft Office 2003 "mailto:" URI Handler Arbitrary File Attachment Weakness
    05.03.2006 : Microsoft Visual Studio "dbp" and "sln" File Handling Buffer Overflow Issue
    13.02.2006 : Microsoft Internet Explorer Drag and Drop Events Timing Vulnerability
    06.02.2006 : Microsoft HTML Help Workshop Multiple File Handling Buffer Overflow Vulnerabilities
    11.01.2006 : Microsoft Visual Studio "UserControl.Load" Code Execution Vulnerability
    10.01.2006 : Microsoft Windows Metafile Handling Denial of Service Vulnerabilities


    Just how many of those unpatched holes have been exploited by bad guys? Since many are several years old you can bet that most of them have. Does your AV protect against them? That's the gamble, isn't it? Ready to lay your wallet, home, and possibly your job on the line to find out if someone has gotten a hold of your personal info by continuing to run Windows?
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
    – John F. Kennedy, February 26, 1962.

    #2
    Re: Are you fully up to date with all your Windows patches?

    I'm not surprised. Windows sucks. I still run it on my laptop for compatibility, but that doesn't mean that I have to like it (I'm reading up on how to forward X over SSH so I can use Kubuntu applications remotely and not worry about compromising my security). I also like how customizable user permissions are in Linux. My parents don't know that their "admin" accounts were "accidentally" left out of the sudoers file ... Plus they don't know how to use Linux (except for the basics - like Firefox and possibly OpenOffice.org Writer)...
