Just how bad is the first Vista security flaw?

Microsoft has publicly acknowledged the discovery of the first Windows Vista security flaw. But just how serious is it? Opinions seem to vary widely.
Written by Mary Jo Foley, Senior Contributing Editor

The New York Times claims the flaw is serious enough to result in Microsoft "facing an early crisis of confidence in the quality of its Windows Vista operating system."

Not surprisingly, Microsoft isn't portraying things as being quite so dire. Stephen Toulouse, a senior product manager in Microsoft's security group, said he's not seeing any wringing of hands in his circles:

"No one will ever get the software right 100% out of the gate. What we've done as a company is build in defense in depth capabilities in the products themselves, as well as create good processes internally that prioritize reported vulnerabilities and get them into the update cycle, while also taking the root cause information and changing the way we create the software so we can learn from these situations," Toulouse blogged.

BetaNews, which conducted its own tests on the vulnerability, is siding more with Microsoft's characterization than that of the New York Times.

"(T)ests of the flaw conducted by BetaNews suggest that, while the (message box) bug can crash Windows XP, its roots in the Win32 API dating back to Windows 3.1, coupled with the fact that the source code for the proof-of-concept appears to be straight ANSI C, directly contradict the Times' implication that the bug somehow afflicts Internet Explorer 7.0," BetaNews reported.

While all Windows flaws deserve serious attention, it seems Vista Flaw No. 1 may not be as horrendous as some headlines and stories suggest.
