The SANS Internet Storm Center publishes Microsoft Black Tuesday – December 2006 overview — looks pretty grim. Seven patches focused on the OS: Internet Explorer, deeply embedded in the Operating System, and still generating monthly flaws, Outlook Express, Microsoft's bundled email client, Windows Media Player, Microsoft's bundled application as well. Other flaws include crss, SNMP, RIS, and one in Visual Studio 2005. All Windows users should review and patch asap.
So, for 2006, MS released 78 patches for Windows and included software, as well as some not included in this count for Office and other tools. That doesn't stack up too well against previous years. The “Trustworthy Computing” memo is getting long in the tooth, and Microsoft should have enough time to review and audit its software and remove a lot of these flaws. Instead, we see “new” versions of their software like Server 2003 still affected by common components with flaws. Hopefully, with the release of Windows Vista and Office 2007, many of the flaws will finally be plugged. But Microsoft's customers have to be growing tired of this.