Intended to put that up to the 'News' section, but i lack permission there so it goes here, admins feel free to move it please:

Press Release 165

Finjan Software Warns of Ten New Vulnerabilities in Windows XP SP2

SAN JOSE,CA , Nov 10, 2004 --



Finjan Software, the leading provider of proactive secure content management solutions for enterprises, announces today 10 serious security vulnerabilities discovered by Finjan's Malicious Code Research Center (MCRC) in Windows® XP Service Pack 2 (SP2) operating system.



"The recently released Service Pack 2 of Microsoft® Windows® XP operating system offers certain features of security," says Shlomo Touboul, CEO and Founder of Finjan Software. "However, it suffers because it is still basically the same operating system and has some major flaws which compromise end-user security. By using Finjan's proactive security solutions, based on our patented behavior blocking technology on top of SP2, users can enjoy a secure environment that protects them from such vulnerabilities".



Finjan has provided Microsoft with full technical details concerning the vulnerabilities discovered by Finjan's Malicious Code Research Center and has been assisting Microsoft to patch these holes. In order to prevent the creation of malicious viruses and worms, Finjan will not release any technical details about these vulnerabilities until they are fully patched by Microsoft.



"Windows® XP SP2 operating system is a continuation of the same Windows XP Operating System and Windows Kernel. All Windows versions have been developed with requirements for highest backward compatibility and open architecture, with maximum productivity and ease of use. In addition, Windows® applications typically run with administrative permission with full and unlimited access to computer resources", continues Shlomo Touboul.

Read the full article here

At some point, they are going to realize, they can't make a secure OS.

unless they totally recode using something better like a unix base

There is no such thing as perfect code. Secure software requires resouces that microsoft isn't willing to commit. Almost every security feature in SP2 has been hacked to peaces. SP2 is so buggy that my collage suggests not installing it, and the "free tech support" won't tuch your machine if it has SP2 on it. I think the only security feature that made any dent was denying public access to ports by default.

Peace out

I like how Finjan software set this up like a press release to brag about their company. Why don't they get real and state that they care about $$$ and not customers.

When the 10 Patches came out in October, there was an article that mentioned their was a rumored 22 (well, twenty something) vulnerabilities out there still for Microsoft Windows that were unpatched. I never did hear anything else about those.

Having read the press release it appears more that the vulnerabilities are in internet explorer rather than SP2 specifically, just that SP2 doesn't protect the user

imho the company is trying to garner a little publicity, fair enough if they have found such serious holes in IE, but it should be commented that bugs in IE are in general pretty frequently found, and exploited, whereas flaws specifically in windows are rarer and far more serious.

So, i guess so long as you use a different browser you're nice and safe... still, eventually Microsoft might patch these flaws, you mention "22 unpatched holes in windows". Well, when you check the website (I've entirely forgotten where it is) demoing unpatched flaws in IE - some of which are years old... you do see that its perhaps not a priority for M$