Since I’ve just spent a while updating three Windows machines with this week’s half a dozen security and antivirus updates, here are some statistics I found interesting.
| Product | Critical security holes to date |
|---|---|
| Internet Explorer | 68 |
| IIS | 56 |
| Windows NT 4 WS | 48 |
| Windows NT 4 Server | 41 |
| Windows NT 4 Terminal Server Edition | 40 |
| Windows NT 4 Server Enterprise Edition | 36 |
| Windows 2000 Professional | 34 |
| Windows 2000 Server | 31 |
| Windows 2000 Advanced Server | 31 |
| SQL Server | 28 |
| Windows 98 | 26 |
| Exchange Server | 25 |
| Windows 95 | 16 |
| Windows 98SE | 15 |
| Windows 2000 Datacenter Server | 11 |
| Windows ME | 10 |
| Windows 2000 | 9 |
| MSDE | 8 |
| Windows Media Player | 8 |
| Windows XP Professional | 7 |
| Site Server | 7 |
| Commerce Server | 6 |
| Windows XP Home | 6 |
| Site Server Commerce | 6 |
| Visual Studio | 3 |
| Systems Management Server | 3 |
| Index Server | 3 |
| Visual Basic | 2 |
| ISA Server | 1 |
| Content Server | 1 |
Another interesting statistic: Microsoft is trying to reduce the number of security bulletins it has to issue by bundling multiple products’ vulnerabilities into a single bulletin. Each security bulletin now covers an average of 2.5 products.
Number of Outlook-specific viruses and worms: 274.