X

Patch Tuesday comes for Vista, too

Two of the security bulletins sent out this month affect the beta of the Windows update, according to a Microsoft blog.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
Joris Evers
2 min read
While Microsoft has touted Windows Vista as its most secure client operating system yet, the unfinished product is already getting regular security fixes.

Vista, slated to be broadly available in January, is the first major Microsoft product to get security updates while it is still in beta, Microsoft employee Alex Heaton wrote on a corporate blog Tuesday.

"We are committed to release Windows Vista updates for all MSRC (Microsoft Security Response Center) critical class issues that may arise during the beta-testing period," wrote Heaton, who works on Vista security. The goal is to release the fixes as soon as possible, he said--but versions of Windows that have been commercially released, such as Windows XP, get priority.

Two of the seven "critical" Windows updates that Microsoft delivered on Aug. 8 affect Vista, Heaton wrote. These are MS06-042, for Internet Explorer, and MS06-051, which addresses a flaw in the Windows kernel.

Vista is not affected by the Windows flaw that is getting most of the attention among the Patch Tuesday bulletins. That flaw, MS06-040, affects file and printer sharing and has already been exploited in low-risk worm attacks.

Updates for the security issues that affect Vista have been sent out to Windows Update and are available in the Microsoft Download Center, according to the software maker.

These are not the first security fixes for Vista. In January, Microsoft released a security update to address the same image-rendering vulnerability found in earlier versions of the operating system. The patch fixed a flaw in the way the operating system's Graphics Rendering Engine processes Windows Meta File images. The WMF handling bug was being exploited in cyberattacks.