Windows 7 beta gets its first security update

While Microsoft excluded Windows 7 from the security patching ceremony in January and in February, things went a little differently on this month's Patch Tuesday. Microsoft fixed three vulnerabilities yesterday: two were spoofing-related and were marked Important, while the other was marked Critical as it had a Remote Code Execution impact. According to the security bulletin for the last one, Microsoft said that the patch was meant "for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008." So I was surprised to see it in my Windows Update queue today (pictured above) on Windows 7 build 7000.

Microsoft disclosed that the security update resolves several privately reported vulnerabilities in the Windows kernel, the most serious of which could allow remote code execution if a user viewed a specially crafted EMF or WMF image file from an affected system. The vulnerabilities are fixed by "validating input passed from user mode through the kernel component of GDI, correcting the way that the kernel validates handles, and changing the way that the Windows kernel handles specially crafted invalid pointer."

Full Story: http://arstechnica.com/microsoft/news/2009/03/windows-7-beta-gets-its-first-security-update.ars
 