Microsoft issues patches for beta version of Vista

OS gets vulnerability fixes before release

  • E-Mail
By  Published  September 1, 2006

Despite being an unfinished product, Windows Vista is already getting regular security fixes. In a recent security update released last month, two of the seven patches issued for critical vulnerabilities were for the Vista operating system — this after Microsoft touted it as its most secure yet.

The Vista OS is still in the beta stage — where it is being tested and not a finished product and Microsoft does not normally issue security updates for beta software.

In a corporate blog on the subject Microsoft employee Alex Heaton, wrote: “We are committed to releasing Windows Vista updates for all Microsoft Security Response Center (MSRC) critical class issues that may arise during the beta-testing period.”

“The goal is to release the fixes as soon as possible,” he went on to add.

Heaton, who works on Vista security, added that the priority is to fix versions of Windows that have been commercially released such as Windows XP.

The two critical Windows patches issued for Vista are the MSO6-042 for Internet Explorer and MS06-051 which addresses a flaw in the Windows kernel. However Vista has not been affected by the MS06-040 flaw which affects file and printer sharing and which already been exploited in low risk worm attacks, according to the last security update.

The latest Vista security updates follow on from earlier fixes issued by Microsoft in January when it released a security update to address the same image rendering vulnerability which was found in earlier versions of the operating system.

The patch fixed a flaw in the way the system’s Graphics Rending Engine processes Windows Metal File (WMF) images. The WMF handling bug was being exploited in cyberattacks by hackers, Microsoft said at the time.

In July Microsoft unveiled 12 guiding principles that it pledged to follow in the future development of Windows — including Vista. The principles are divided into three broad categories: choice for computer manufacturers and customers, opportunity for developers and interoperability for users.

However, these principles do not cover security issues.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code