
Re: @ Chris Matchett
I wouldn't say that Microsoft fixed this vulnerability in newer and current OSes (according to Microsoft, XP is still a current OS so your argument is flawed from the beginning!) - they simply didn't include the affected component in versions of DirectX released with Win2K8 and Vista. That doesn't mean however that they fixed it... capiche?
Additionally, I'd disagree with the implication you're making that this vulnerability isn't serious because it affects systems that are at least 7 years old now. That means that, as well as the operating system, the vulnerability has been around for a long time too. It hasn't been disclosed until now - possibly because any cases of it being exploited weren't public until now - but we'll never know when Microsoft were made aware of it. Maybe they only became aware of it very recently... maybe they knew flippin' ages ago but decided it wasn't in their interest to disclose it. Who knows? We never will.
The "security by obscurity" model that Microsoft continues to adhere to means that these vulnerabilities can remain hidden from the user base for potentially years. However, that's not to say that the Bad Guys aren't aware of such vulnerabilities and secretly using them.
One of the great things about open sourced software is that it opens it up to be scrutinised by a million pairs of eyes... sure some bad people may look through the code to try and find flaws, but they do that with Windows, OS X, etc... in any case. I'd rather have millions of the Good Guys actively looking for and fixing bugs rather than expecting Microsoft or Apple to pick these things up once the code is already written and out there (which they weren't able to do before it got released so what makes them more likely to do so afterwards?).
ps - anyone else getting very bored of the tedious OS flame wars that are becoming too commonplace at El Reg? This ain't Slashdot.... I thought we were all IT professionals.
Paris.... cause she's not averse to opening herself up for scrutiny by millions of pairs of IT geeks' eyes either.