A Microsoft report released Monday indicates that Windows Vista significantly outperforms Windows XP when it comes to security. Infection rates for Vista were significantly lower than those for XP during the first half of 2009, the Security Intelligence Report said.
But whether the user is running Vista or XP, Microsoft said the most current service pack available is always the least susceptible to security attacks. That's hardly a surprise given that service packs include previously released security updates, together with changes to default settings and additional security features. However, Microsoft Vista SP releases consistently beat those for Windows XP in all service-pack configurations.
The infection rate of Windows Vista SP1 was 61.9 percent lower than that of Windows XP SP3 during the first half of this year, according to the report. Moreover, comparing release-to-manufacturing (RTM) versions, the infection rate of Windows Vista was a staggering 85.3 percent lower than that of Windows XP, the software giant added.
Browser Vulnerabilities
On the downside, web browsers continue to represent one of Microsoft's vulnerability hot spots. Microsoft software accounted for six of the top 10 browser-based vulnerabilities that were attacked on PCs running Windows XP, but only one out of the top 10 on Vista machines, the report said.
For browser-based attacks on PCs running Windows XP, Microsoft vulnerabilities accounted for 56.4 percent of the total. By contrast, Microsoft vulnerabilities accounted for just 15.5 percent on Windows Vista-based machines, the report said.
Still, browser-based vulnerabilities should continue to be a top concern for businesses, whether they are using Vista or still running XP. The good news is that Windows security can be immediately improved without having to upgrade to Windows 7, noted Gartner Vice President Neil MacDonald, who is urging businesses to "get off" Internet Explorer 6.
"I don't care if you go to IE7, IE8, Firefox, Chrome or Opera," MacDonald said. "Anything is better than IE6 from a security perspective, and this doesn't require a move to Windows 7."
Windows 7 Enhancements
Enterprises already planning an upgrade to Windows 7 can look forward to a number of important security enhancements.
"Some are completely new -- like AppLocker and BitLocker To Go," MacDonald said. "Others are improved over what shipped with Windows Vista -- like BitLocker -- but are new to XP users."
However, many of the more popular security features of Windows 7, such as BitLocker, BitLocker To Go, AppLocker and DirectAccess, require EA/SA -- a volume-licensing package offered by Microsoft that is aimed at large organizations with 250 or more PCs.
"The cost of EA/SA must be factored into any cost-benefit analysis of migration," MacDonald said. "If you don't already have EA/SA, this can be a significant expense."
Meanwhile, MacDonald is urging enterprises to continue to run more users -- or even all of them, ideally -- as "standard users" as opposed to users with full administration rights. "If the user is running in admin mode, that's a bad thing," MacDonald said. "Standard users are not able to change the Windows system configuration, and that's important because malware will then not be able to overwrite the System32 files, which reduces your malware exposure."
Though the security holes in IE6 pose the same potential threats to Vista PCs as to XP machines, at least with Vista the administrator has more tools to run IE7 and IE8 users as standard users, MacDonald noted. Multiple third-party products for enabling IE7 and IE8 users to browse with reduced rights on XP machines are available from BeyondTrust, Avecto and Viewfinity, he added.