Microsoft on Friday released the first security update for Windows Vista, the Redmond, Wash.-based developer's next-generation flagship OS that's touted as ultra secure.
The patch fixes a bug in how Windows' graphic rendering engine processes Windows Metafile (WMF) images. That bug was first discovered in late December 2005 and was quickly exploited by hackers to infect systems with spyware, adware, and other malicious code.
The Jan. 5 out-of-cycle WMF security fix from Microsoft didn't--and still doesn't--list Vista among the flawed, but with the posting of patches it's clear that the same "SetAbortProc" function at the root of the WMF bug exists in Vista.
In the update documentation Microsoft said only that "A remote code execution security issue has been identified in the Graphics Rendering Engine that could allow an attacker to remotely compromise your Windows-based system and gain control over it." That language, however, closely matches what Microsoft wrote in its MS06-001 security bulletin, where it said "a remote code execution vulnerability exists in the Graphics Rendering Engine because of the way that it handles Windows Metafile (WMF) images."
These are the first fixes issued for the still-in-development Windows Vista.