Last week"s disclosure of a zero-day vulnerability in Windows Vista doesn"t put a lie to the claim that it"s the safest Microsoft operating system so far, a company security manager has said. "The finding of vulnerabilities in any software is to be expected," said Stephen Toulouse, senior product manager with Microsoft"s security technology group, in a blog posting earlier this week. "This is all part of the process of creating complex software today, and no one is immune to it. It"s not, as they say, big news to us in the security industry."
Proof-of-concept code for an unpatched bug in all supported versions of Windows, including Vista, went public last week, prompting warnings from security vendors who classified the flaw as a low or medium threat. Microsoft has said it was "closely monitoring" the situation, but has not released any additional information since Dec. 22. Toulouse countered that the exploit doesn"t invalidate Microsoft"s contention that Vista is more secure than its predecessor, Windows XP. "This product [is] the most secure version of Windows we"ve produced to date. That doesn"t mean "zero vulnerabilities." No one can claim that crown," he added.