Ignoring Windows updates?

Here's why that luxury is over.

This list from Security Focus  (formerly Bugtraq) leaves no doubt that Windows without updates quickly becomes a hackers paradise. Some of the more egregious holes are being exploited in the wild to provide stub loaders into Internet Explorer or  Windows itself that can then redirect the unwitting user to sites that then attack the users system, flooding it with Spyware pop ups that infect it further. Or it simply can push this software directly without even visiting the site. 

What is critical to note about these exploits is that unlike viruses and other Spyware that are external threats outside the operating system, these become internal to Windows itself, making their detection and removal extremely difficult. In addition, firewalls and traditional security system are often useless, owing to the fact that Windows itself is now the threat.

Unfortunately, it's this difficulty removal and detection that makes  in this kind of hacking a growth industry for both malicious hackers and Internet marketers as well.  

Important Note: This list is from Microsoft Corp. only. The Security Focus   database has thousands more exploits and security leaks from hundreds of vendors, with more uncovered every day. This includes Linux, Firebox, etc. and other alternatives to Windows that are touted as hack proof. Without getting into the debate about the alternatives, two things are clear. 

1.) Programs are written by humans and humans make mistakes. Windows XP has 40-60 million of lines of code and hundreds of millions of man-hours of development. In projects this size, no one, no matter how much testing is done, can anticipate  every single way a hackers might misuse their work.  There is no magic bullet in the computer industry. Period.

2.) Finding and applying updates issued to fix problems the hackers find are the only way to minimize the risks of continuing  operations. 

Microsoft Outlook and Outlook Web Access Source Email Address Spoofing Weakness

Microsoft Windows DNS Resource Record Cache Corruption Vulnerability

Microsoft April Advance Notification Unspecified Security Vulnerabilities

Microsoft Windows Server 2003 Service Pack 1 Released - Multiple Vulnerabilities Fixed

Microsoft Windows WINS Name Value Handling Remote Buffer Overflow Vulnerability

Microsoft Windows WINS Association Context Data Remote Memory Corruption Vulnerability

Microsoft Windows Server 2003 SMB Redirector Local Denial Of Service Vulnerability

Microsoft Internet Explorer %USERPROFILE% File Execution Weakness

Microsoft Windows UNC Path Handling Unspecified Buffer Overflow Vulnerability

Microsoft Jet Database Engine Malformed Database File Buffer Overflow Vulnerability

Microsoft Windows User32.DLL ANI File Header Handling Stack-Based Buffer Overflow Vulnerability

Microsoft Windows LoadImage API Function Integer Overflow Vulnerability

Microsoft Windows ANI File Denial of Service Vulnerability

Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy Bypass Vulnerability

Microsoft Windows XP TSShutdn.exe Remote Denial of Service Vulnerability

Microsoft Windows Local Denial Of Service Vulnerability

Microsoft Windows License Logging Service Buffer Overflow Vulnerability

Microsoft Windows Graphical Device Interface Library Denial Of Service Vulnerability

Microsoft InfoPath 2003 Insecure Information Storage Vulnerability

Microsoft Internet Explorer DHTML Method Buffer Overflow Vulnerability

Multiple Vendor loopback (land.c) Denial of Service Vulnerability

Microsoft Windows Server Message Block Handlers Remote Buffer Overflow Vulnerability

Microsoft Internet Explorer MSHTML.DLL CSS Handling Remote Buffer Overflow Vulnerability

Microsoft Exchange Server Mail Box Sub Folder Denial Of Service Vulnerability

Microsoft Windows Hyperlink Object Library Buffer Overflow Vulnerability

Multiple Browser Information Disclosure Weakness

Microsoft SharePoint Portal Client ActiveX Control Remote Arbitrary File Creation Vulnerability

Microsoft Windows 2000 Group Policy Bypass Vulnerability

Microsoft Internet Explorer Pop-up Window Title Bar Spoofing Weakness

Multiple IMAP Client Integer Overflow Vulnerabilities

Microsoft Internet Explorer HTML Form Tags URI Obfuscation Weakness

Microsoft Windows HTML Help Control Cross-Zone Scripting Vulnerability

Microsoft ASP.NET Unicode Character Conversion Multiple Cross-Site Scripting Vulnerabilities

Microsoft Internet Explorer Malformed File URI Denial of Service Vulnerability

Microsoft Internet Explorer Favorites List Script Code Execution Vulnerability

Microsoft Internet Explorer Mouse Event URI Status Bar Obfuscation Weakness

Microsoft Internet Explorer Multiple Vulnerabilities

LibPNG Graphics Library Multiple Remote Vulnerabilities

Microsoft Windows Media Player Remote PNG Image Format Buffer Overflow Vulnerability

Microsoft MSN Messenger/Windows Messenger PNG Buffer Overflow Vulnerability

Microsoft Windows Named Pipe Remote Information Disclosure Vulnerability

Microsoft SMTP Service and Exchange Routing Engine Buffer Overflow Vulnerability

Microsoft Internet Explorer URI Decoding Vulnerability

Microsoft Office XP HTML Link Processing Remote Buffer Overflow Vulnerability

Microsoft Internet Explorer Implicit Drag and Drop File Installation Vulnerability

Microsoft Internet Explorer Method Caching Mouse Click Event Hijacking Vulnerability

Multiple Browser URI Obfuscation Weakness

Microsoft Windows DHTML Edit Control Script Injection Vulnerability

Microsoft ASP.NET URI Canonicalization Unauthorized Web Access Vulnerability

Microsoft Internet Explorer Valid File Drag and Drop Embedded Code Vulnerability

Microsoft Windows SharePoint Services Cross-Site Scripting and Spoofing Vulnerability

Microsoft Windows COM Structured Storage Local Privilege Escalation Vulnerability

Microsoft Internet Explorer AddChannel Cross-Zone Scripting Vulnerability

Microsoft OLE Remote Buffer Overflow Vulnerability

Microsoft Internet Explorer Unspecified ActiveX Image Control Vulnerability

Microsoft IIS 5.0 .printer ISAPI Extension Buffer Overflow Vulnerability

Microsoft Outlook Web Access Login Form Remote URI Redirection Vulnerability

Microsoft Multiple Unspecified Security Vulnerabilities

Multiple Vendor H.323 Protocol Implementation Vulnerabilities

Multiple Vendor HTTP Response Splitting Vulnerability

Microsoft Windows NetDDE Remote Buffer Overflow Vulnerability

Microsoft Internet Explorer Install Engine ActiveX Control Buffer Overflow Vulnerability

Microsoft GDI+ Library JPEG Segment Length Integer Underflow Vulnerability

Microsoft Internet Explorer Remote Information Disclosure Vulnerability

Microsoft Internet Explorer Dynamic IFRAME File Download Security Warning Bypass Weakness

NT IIS4 Buffer Overflow Vulnerability

Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities

Microsoft Office Encrypted Documents RC4 Initialization Vector Implementation Vulnerability

Microsoft Windows Indexing Service Buffer Overflow Vulnerability

Microsoft Internet Explorer Modal Dialog Zone Bypass Vulnerability

Microsoft Windows LSASS Connection Validation Privilege Escalation Vulnerability

Microsoft Windows Kernel Unchecked LPC Buffer Privilege Escalation Vulnerability

Microsoft Multiple Unspecified Security Vulnerabilities

Multiple Browser IMG Tag Multiple Vulnerabilities

Microsoft Internet Explorer FTP Client Directory Traversal Vulnerability

Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability

Microsoft Internet Explorer FTP URI Arbitrary FTP Server Command Execution Vulnerability

Microsoft Internet Explorer FTP Protocol Handler Local File Disclosure Weakness

Microsoft Windows winhlp32 Phrase Heap Overflow Vulnerability

Microsoft Windows winhlp32 Phrase Integer Overflow Vulnerability

Microsoft Windows XP Firewall ACL Bypass Vulnerability

Windows Media Player ActiveX Control File Enumeration Weakness

Windows Media Player ActiveX Control Media File Attribute Corruption Weakness

Microsoft Internet Explorer HTML Form Status Bar Misrepresentation Vulnerability

Hilgraeve HyperTerminal Session Data Buffer Overflow Vulnerability

Microsoft Word for Windows 6.0 Converter Font Conversion Buffer Overflow Vulnerability

Microsoft Windows DHCP Server Remote Buffer Overflow Vulnerability

Microsoft Windows DHCP Server Logging Remote Denial Of Service Vulnerability

Microsoft Word for Windows 6.0 Converter Table Conversion Buffer Overflow Vulnerability

Microsoft Office SharePoint Portal Server Local Information Disclosure Weakness

Microsoft Internet Explorer Remote Window Hijacking Vulnerability

Microsoft Windows Multiple Unspecified Vulnerabilities

Microsoft Internet Explorer Search Pane URI Obfuscation Vulnerability

Microsoft Internet Explorer Malformed IFRAME Remote Buffer Overflow Vulnerability

Microsoft Internet Explorer Sysimage Protocol Handler Local File Detection Vulnerability

Microsoft Internet Explorer Double Byte Character Set Handling Address Bar Spoofing Vulnerability

Microsoft Internet Explorer Drag and Drop Vulnerability

Microsoft Internet Explorer Image Download Filename Extension Spoofing Vulnerability

Microsoft Internet Explorer Infinite Array Sort Denial Of Service Vulnerability

Microsoft RPCSS DCERPC DCOM Object Activation Packet Length Heap Corruption Vulnerability

Microsoft Internet Explorer File Download Security Warning Bypass Vulnerability

Microsoft IIS and PWS Extended Unicode Directory Traversal Vulnerability

Microsoft Windows Compressed (zipped) Folder Buffer Overflow Vulnerability

Microsoft ISA and Proxy Server Web Site Spoofing Vulnerability

Microsoft Internet Explorer Cookie Overwrite Vulnerability

Microsoft Internet Explorer Embedded Content Status Bar URI Obfuscation Weakness

Microsoft Windows DDEShare Buffer Overflow Vulnerability

Microsoft Internet Explorer Local Resource Enumeration Vulnerability

Microsoft Internet Explorer IFRAME Status Bar URI Obfuscation Weakness

Microsoft XML Parser Remote Denial of Service Vulnerability

Microsoft Internet Explorer TABLE Status Bar URI Obfuscation Weakness

Multiple Vendor Content Filtering Bypass Vulnerabilities

Multiple Vendor Internet Browser User Action Prediction/Interception Weakness

Microsoft Internet Explorer Font Tag Denial Of Service Vulnerability

Microsoft Windows Program Group Converter Filename Local Buffer Overrun Vulnerability

Microsoft Windows Kernel Local Denial of Service Vulnerability

Microsoft Windows WMF/EMF Image Format Rendering Remote Buffer Overflow Vulnerability

Microsoft Windows Kernel Virtual DOS Machine Privilege Escalation Vulnerability

Microsoft Window Management API Local Privilege Escalation Vulnerability

Microsoft Windows Shell Long Share Name Buffer Overrun Vulnerability

Microsoft NNTP Component Heap Overflow Vulnerability

Microsoft Excel File Handler Buffer Overflow Vulnerability

Microsoft RPC Runtime Library Remote Denial Of Service And Information Disclosure Vulnerability

Multiple Vendor TCP Packet Fragmentation Handling Denial Of Service Vulnerability

Microsoft Internet Explorer HHCtrl ActiveX Control Cross-Domain Scripting Vulnerability

Microsoft Internet Explorer Malformed HTML Null Pointer Dereference Vulnerability

Microsoft Windows XP WAV File Handler Denial Of Service Vulnerability

Microsoft Internet Explorer JavaScript Method Assignment Cross-Domain Scripting Vulnerability

Microsoft Internet Explorer Popup.show Mouse Event Hijacking Vulnerability

Microsoft Internet Explorer Style Tag Comment Memory Corruption Vulnerability

Microsoft Internet Explorer Heartbeat ActiveX Control Unspecified Vulnerability

Microsoft Internet Explorer Plug-in Navigations Handling Address Bar Spoofing Vulnerability

Microsoft Internet Explorer Secure Sockets Layer Caching Vulnerability

Microsoft Internet Explorer Unspecified showHelp Zone Bypass Vulnerability

Microsoft Outlook Express Plaintext Email Security Policy Bypass Vulnerability

Microsoft Outlook 2003 Security Policy Bypass Vulnerability

Microsoft IIS WebDAV PROPFIND and SEARCH Method Denial of Service Vulnerability

Microsoft Windows 2003 Services Default SACL Access Right Weakness

Microsoft Frontpage Asycpict.DLL JPEG Handling Remote Denial of Service Vulnerabilities

Microsoft Windows XP Weak Default Configuration Vulnerability

Microsoft CABARC Directory Traversal Vulnerability

Microsoft Internet Explorer Local XML Document Disclosure Vulnerability

Microsoft Word Multiple Remote Denial Of Service Vulnerabilities

Multiple Browser Cross-Domain Cookie Injection Vulnerability

Microsoft SQL Server Remote Denial Of Service Vulnerability

Microsoft Internet Explorer Mouse Click Event Hijacking Vulnerability

Microsoft GDI+ Library Malformed JPEG Handling Unspecified Denial of Service Vulnerability

Microsoft Windows CE KDatastruct Information Disclosure Vulnerability

Microsoft Windows XP Explorer.EXE TIFF Image Denial of Service Vulnerability

Microsoft Internet Explorer User Security Confirmation Bypass Vulnerability

Microsoft WordPerfect Converter Remote Buffer Overflow Vulnerability

Microsoft Internet Explorer Malformed GIF Double Free Code Execution Vulnerability

Microsoft Internet Explorer Bitmap Processing Integer Overflow Vulnerability

Microsoft Outlook Express BCC Field Information Disclosure Vulnerability

Microsoft SQL Server User Authentication Remote Buffer Overflow Vulnerability

Microsoft NTP Time Synchronization Spoof Weakness

Microsoft Internet Explorer Resource Detection Weakness

Microsoft Windows XP Self-Executing Folder Vulnerability

Microsoft Internet Explorer Shell: IFrame Cross-Zone Scripting Vulnerability

Microsoft Windows XP Explorer Self-Executing Folder Vulnerability

Microsoft Windows HTML Help API Privilege Escalation Vulnerability

Microsoft Windows Message Queuing Service Heap Overflow Vulnerability

Microsoft Internet Explorer MHTML Content-Location Cross Security Domain Scripting Vulnerability

Microsoft Windows XP SP2 Released - Multiple Vulnerabilities Fixed

Microsoft Internet Explorer Spoofed Address Bar Vulnerability

Microsoft Windows Internet Connection Firewall Filter Bypass Vulnerability

Microsoft Windows LSASS Buffer Overrun Vulnerability

Microsoft Exchange Outlook Web Access HTTP Response Splitting Vulnerability

Microsoft IIS 4 Redirect Remote Buffer Overflow Vulnerability

Microsoft Windows POSIX Subsystem Buffer Overflow Local Privilege Escalation Vulnerability

Microsoft Windows 2000/XP CRL File Failed Integrity Check Denial Of Service Vulnerability

Microsoft Internet Explorer mms Protocol Handler Executable Command Line Injection Vulnerability

Microsoft Windows Task Scheduler Remote Buffer Overflow Vulnerability

Microsoft Internet Explorer HREF Save As Denial of Service Vulnerability

Microsoft Systems Management Server Remote Denial Of Service Vulnerability

Microsoft JVM Cross-Domain Applet Unauthorized Communication Vulnerability

Microsoft Windows Utility Manager Local Privilege Escalation Variant Vulnerability

Microsoft Windows Shell CLSID File Extension Misrepresentation Vulnerability

Microsoft Windows HTML Help Heap Overflow Vulnerability

Microsoft Outlook Express Malformed Email Header Denial Of Service Vulnerability

Microsoft Windows Local Descriptor Table Local Privilege Escalation Vulnerability

Microsoft Windows showHelp CHM File Execution Weakness

Microsoft Internet Explorer Shell.Application Object Script Execution Weakness

Microsoft Internet Explorer URL Local Resource Access Weakness

Microsoft Internet Explorer JavaScript Interface Spoofing Vulnerability

Microsoft Windows 2000 Media Player Control Media Preview Script Execution Vulnerability

Microsoft Internet Explorer JavaScript Null Pointer Exception Denial Of Service Vulnerability

Microsoft Outlook Express Message Window Script Execution Vulnerability

Microsoft Word/Outlook Object Tag Security Setting Compromise Vulnerability

Microsoft Windows Window Message Subsystem Design Error Vulnerability

Microsoft Internet Explorer Self Executing HTML File Vulnerability

Microsoft Internet Explorer Non-FQDN URI Address Zone Bypass Vulnerability

Microsoft Internet Explorer Cross-Domain Frame Loading Vulnerability

Microsoft Internet Explorer ADODB.Stream Object File Installation Weakness

Multiple Vendor FTP pipe Vulnerability

Business Objects Crystal Reports Web Form Viewer Directory Traversal Vulnerability

Multiple Vendor Broadband Router Web-Based Administration Denial Of Service Vulnerability

Microsoft Windows Remote Desktop Protocol Server Key Verification Vulnerability

Microsoft Windows H.323 Remote Buffer Overflow Vulnerability

Microsoft Windows Private Communications Transport Protocol Buffer Overrun Vulnerability

Microsoft Virtual DOS Machine Local Privilege Escalation Vulnerability

Microsoft ASN.1 Library Double Free Memory Corruption Vulnerability

Microsoft Windows WMF/EMF Image Formats Remote Buffer Overflow Vulnerability

Microsoft Internet Explorer Wildcard DNS Cross-Site Scripting Vulnerability

Microsoft Windows Management Local Privilege Escalation Vulnerability

Microsoft Windows Logon Process Remote Buffer Overflow Vulnerability

Multiple Microsoft Internet Explorer Script Execution Vulnerabilities

Microsoft DirectX DirectPlay Remote Malformed Packet Denial Of Service Vulnerability

Microsoft ISA Server 2000 FTP Bounce Filtering Vulnerability

Microsoft ISA Server Redirect URI Handler Web Proxy Service Remote Denial Of Service Vulnerability

Microsoft ISA Server Web Proxy Malformed SSL Packet Remote Denial of Service Vulnerability

Microsoft ISA Server HTTP Authentication Scheme Vulnerability

Microsoft ISA Server 2000 Site And Content Rule Bypass Vulnerability

Microsoft Internet Explorer ITS Protocol Zone Bypass Vulnerability

Microsoft Outlook Mail Client E-mail Address Verification Weakness

Microsoft Outlook 2003 Predictable File Location Weakness

Microsoft Windows 2000 Domain Expired Account Security Policy Violation Weakness

Microsoft Outlook 2003 Media File Script Execution Vulnerability

Multiple Vendor URI Protocol Handler Arbitrary File Creation/Modification Vulnerability

Microsoft Windows Workstation Service Remote Buffer Overflow Vulnerability

Microsoft Internet Explorer CSS Style Sheet Memory Corruption Vulnerability

Microsoft UPnP NOTIFY Buffer Overflow Vulnerability

Microsoft Internet Explorer http-equiv Meta Tag Denial of Service Vulnerability

Microsoft Internet Explorer Codebase Double Backslash Local Zone File Execution Weakness

Microsoft Internet Explorer Double Backslash CHM File Execution Weakness

Microsoft Outlook Express URI Obfuscation Vulnerability

Windows Media Services MX_STATS_LogLine NSIISlog.DLL Remote Buffer Overflow Vulnerability

Microsoft Windows Terminal Server Patch Unspecified Denial Of Service Vulnerability