Vista passes its first Patch Tuesday test

Vista passes its first Patch Tuesday test

Summary: It's Patch Tuesday, and Microsoft doled out a dozen Critical and Important updates for Windows and Office via Automatic Updates. But if you're running Windows Vista, you can hit the snooze button for another month. None of those patches - not a single one - apply to Windows Vista or Office 2007. But there is a new Ultimate Extra

SHARE:
TOPICS: Windows
4

It's Patch Tuesday, and Microsoft has released 12 Critical and Important updates.

But here, where I'm running Windows Vista Ultimate Edition and Office 2007, I didn't have to install a single one of those updates. That's right: None of the vulnerabilities addressed in those security patches affected Vista or Office 2007. [See update at end of post.] For those skeptics who were wondering whether the security-focused changes in the development process would pay off, here's your answer:

Those Important updates? New junk-mail filters for Windows Mail and Outlook 2007. Useful but hardly earth-shattering.

Oh, and for those who've been grumbling that the Windows Vista Ultimate Extras are slow to arrive, check out the item at the bottom of that list. The Windows DreamScene Preview is an early version of the full-motion wallpaper Bill Gates showed off in his keynote at CES last month. That makes three Ultimate Extras, for those who are keeping score.

Update 14-Feb 5:40AM PST: As my colleague Ryan Naraine points out in the Talkback section, one of the February security bulletins indirectly affects Vista. MS07-010 affects the Microsoft Malware Protection Engine, which is used in all Microsoft anti-malware products including Windows Defender in Vista. On this system at least, the protection engine had already updated itself to repair this vulnerability.

Just to make the point even more obvious, here's what was waiting on my XP/Office 2003 machine this morning:

Big difference.

Topic: Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion
  • Good news!

    To be honest, I'm not really expecting fewer patches for Vista, only that the severity rating is lower. For example, any vulnerabilities that affect IE7 on Vista simply won't be as critical considering that IE7 runs with next to no system privileges. The vulnerability would still be there but no harm could come of anyone exploiting that vulnerability. Similarly, any exploit that relied on Admin rights would also be less severe considering the new and improved defaults in Vista.

    However, if there actually are fewer vulnerabilities to patch, I'm certainly okay with that too. :)
    NonZealot
    • I expect fewer vulnerabilities too

      There have been some big changes in development at Microsoft specifically designed to identify places where buffer overflows could occur and eliminate them early in the coding process. There's also a much lower attack surface for apps and services. So I think it's reasonable to expect fewer vulnerabilities overall, with lower severity for those that survive.
      Ed Bott
  • MS07-010 affects Vista

    Hello Ed, MS07-010 addresses a code execution flaw in the Microsoft malware protection engine.

    Microsoft Windows Defender in Windows Vista is affected.

    See: http://www.microsoft.com/technet/security/Bulletin/MS07-010.mspx

    You won't see this coming down via the traditional Automatic Updates but the auto-update mechanism in Windows Defender will bring it down to Vista soon enough.

    _ryan
    Ryan Naraine
  • Price Per Extra?

    So, Microsoft has released its third Premium "extra". What does this make the price per extra? Sounds like some really expensive software to me!
    bmgoodman