Microsoft Issues First Patches For Vista - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

03:11 PM

Microsoft Issues First Patches For Vista

Microsoft confirmed that two of last week's 12 security bulletins were for Vista and posted instructions for downloading security updates for the new Windows.

Microsoft confirmed Tuesday that two of the 12 security bulletins issued last week affect Windows Vista Beta 2, the widely-used preview, and posted download instructions for the first security updates to its next-generation operating system.

"We are committed to releas[ing] Windows Vista updates for all MSRC [Microsoft Security Response Center] critical class issues that may arise during the beta testing period," wrote Alex Heaton, product manager for the Windows Vista security team, on the group's blog.

Out of the dozen bulletins released Aug. 8, two -- MS06-042 and MS06-051 -- impact Vista Beta 2. "Of the seven critical Windows updates released in August, only 2 also affect Windows Vista Beta 2 or later," said Heaton.

MS06-042 is a cumulative security update for Internet Explorer that included patches for 8 different vulnerabilities; MS06-051 detailed a fix for a flaw in the Windows kernel that might let attackers hijack PCs by drawing users to malicious Web sites.

Neither bulletin, however, yet offers details on Vista Beta 2, nor even mention the operating system as among those impacted. The only explanation came from Heaton. "Microsoft does not include information about beta products in formal security bulletins." The company did not immediately respond to follow-up queries about how it released the Vista vulnerabilities' patches and why it chose to deliver them sans details.

The download sites for the updates -- this link is for the IE 7 fix, this site for the kernel patch -- also lack the information normally posted by Microsoft in its security bulletins' FAQs.

"We really should have been told about these Vista vulnerabilities last week," said Michael Cherry, an analyst at Redmond, Wash.-based Directions on Microsoft. "Microsoft should have told us then that Vista needed to be patched, too."

Vista is in beta, Cherry acknowledged. "On one hand, it's not a supported release and people are supposed to take the appropriate cautions, and not put it into a production environment. But you can't test it that way. And this is a very wide beta."

More worrisome, said Cherry, is that Vista, even in beta, faces a much different security landscape than the last-released desktop client OS, 2001's Windows XP. "Then, if you put a beta on a machine, someone might get to it and, say, deface a Web site," Cherry said. "Minor stuff. But now it's just as likely that they'll try to turn these Vista machines into zombies.

"The [security] environment has changed. I'm very nervous about using Vista Beta 2 like this because the [security] situation's changed."

Microsoft's Heaton, meanwhile, told Vista Beta 2 users that update support will end as soon as the preview's successor -- to be dubbed Release Candidate 1, or RC1 -- appears. "Updates will no longer be released for Windows Vista Beta 2 after RC1 has been released, and updates for pre-release versions will not be released after Windows Vista has released to manufacturing."

Whatever information Microsoft decides to provide on future security vulnerabilities within Vista will be posted to the support document tagged as "921583" and available here. In that document, Microsoft recommended users apply the updates "immediately."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Pandemic Responses Make Room for More Data Opportunities
Jessica Davis, Senior Editor, Enterprise Apps,  5/4/2021
10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Transformation, Disruption, and Gender Diversity in Tech
Joao-Pierre S. Ruth, Senior Writer,  5/6/2021
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll