While I have no professional need to do so, I monitor the Microsoft Technical Security Notifications. Specifically, I monitor the comprehensive feed that includes bulletins, revised bulletins, and advisories. Security is an interest of mine, and I have been trying to use secure practices ever since I received malware through a remote procedure call vulnerability in Windows XP during my freshman year. Something that has amazed me is that none of the security notifications since the Windows Vista release have applied to either Windows Vista or Office 2007. I believe there are two reasons for this. The first reason is that both products are significantly more secure than their predecessors, having been fully developed with Microsoft’s Security Development Lifecycle of its Trustworthy Computing Initiative. The second reason is that Windows Vista has not been widely deployed yet and is not generally available. This makes it a less promising target for malware writers. It also is not in the hands of security researchers.
There have been some vulnerabilities during the beta and release candidate stages of Windows Vista reported in the popular news, but most of these were misinformed. One issue was reported in Windows PowerShell. This tool is not included in Windows Vista and never has been. Another issue is the so-called frankenbuild of Windows Vista. Unethical hackers took activation components from prerelease versions of Windows Vista and spliced them into the release version so that activation could be passed. Microsoft released an update addressing this issue, and the product keys used would quit working for activation once the prereleases expired.