Vista SP1 rolls up 551 bug fixes

Vista SP1 rolls up 551 bug fixes

Summary: How many bug fixes are included in Windows Vista Service Pack 1? By Microsoft’s count, SP1 rolls up 551 separate hotfixes, in addition to 23 security updates rated Important and already delivered via Windows Update. A handful of those hotfixes were previously released via Windows Update, but most were available only to corporate customers and OEMs. If that sounds like a lot, well, it is. But it’s not out of line with the number of fixes that went into the first two service packs for Windows XP. I've got the full breakdown by category.


No wonder the Wow had so much trouble getting started. By Microsoft’s own count, Windows Vista Service Pack 1 rolls up 551 separate hotfixes, in addition to 23 security updates rated Important and already delivered via Windows Update. A handful of those hotfixes were previously released via Windows Update, but most were available only to corporate customers and OEMs.

If that sounds like a lot of bugs to be stomped in one service pack, well, 551 is a pretty big number. But it’s not out of line with the number of fixes that went into the two service packs for Windows XP. The first XP service pack was delivered in September 2002, about 14 months after the original RTM date; its list of fixes included updates from 24 security bulletins and 297 hotfixes. XP Service Pack 2 covered a longer period of time (23 months), but still, its list of fixes was staggering, with updates identified by 60 security bulletins and a whopping 666 (no, I did not make that number up) fixes. (If you want to do a fair comparison between the first service packs for Vista and XP, you need to exclude a few fixes from the Vista list. Back in 2002, XP Media Center didn’t yet exist, nor did Tablet PCs, Windows Sidebar gadgets, or the .NET Framework, just to name a few categories that collectively include more than 60 fixes in Vista SP1 but weren’t needed in XP SP1.)

In Microsoft’s release notes for SP1, the list of updates is stuffed into a barely formatted table that goes on for 35 mind-numbing pages (out of a total of only 55 pages). Each entry in the list consists of a Knowledge Base (KB) article number, the article title, and a general category name. Now, the categories that Microsoft’s developers use to categorize KB articles might make sense in Redmond but they aren’t very helpful from a Windows user’s point of view. So, over the weekend, I imported that list into Excel and went through it article by article, breaking it down into categories of my own devising. Here’s the list:

Fixes  Category  75  Internet Explorer  41  Sleep/Hibernation & Power Management  38  Storage  35  Hardware and Drivers  35  Networking  28  Desktop and Shell  25  Printing & Scanning Technologies  25  .NET Framework, Data Components, Development Tools  24  Setup, Deployment, Backup, and Activation  24  Windows Media Center  23  International/Localization  20  Computer Management, Administration, and Tools  19  Application Compatibility  19  Multimedia  16  Performance and Reliability  16  Startup/Shutdown  13  Time Zone/Daylight Saving Time  13  Windows Media Player and Related Technologies  12  Security  12  Remote Access, VPN   8   IIS and WebDAV issues   7   Wireless Networking   7   Offline Files   6   Windows Mail and Web-based Software   5   Windows Sidebar and SideShow   5   Windows Portable Devices

Personally, I wasn’t surprised to see Internet Explorer at the top of the list, nor was I shocked to see how many separate issues addressed problems with sleep, hibernation, and power management.

I’ll look at a few of these categories in more detail later this week, probably starting with the many fixes for sleep/hibernate/power issues. Which categories are you most interested in?

Topics: Windows, Microsoft, Operating Systems, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • And How Many Bugs Will It Create?

    Start the counting folks.
    • I don't think you understand

      I don't think you understand how fixes and patches are developed in large software companies. This isn't some home brew software project where random stuff goes in and random stuff goes out. The organization of the project and what happens is very rigorous because the only way to make product so complex and large is to get a handle of the complexity. I've seen stuff they've done in architecture and development and it is pretty amazing. Just one of the mechanisms they have for making sure what you describe doesn't happen is stringent regression testing.
      • Great Spin

        That's good know. But how 553 bugs got through this stringent testing.
        Van Der
      • More than once...

        MS fixes have broke something else.

        Personally I like home brew.
      • So why...

        does it happen?
      • Bad programming is bad programming

        As a former programmer, I would have NEVER allowed a piece of software I created to have this many bugs before I submitted it or I would have been fired.

        This just continues to show how poor MS is when it comes to completing a project properly, complex or not. we shoiuldn't have to pay high prices for poor quality.
        • double counting.

          What was the name of that OS you created? There is not an OS out there that doesn't go through this same process. the amount of dependencies in a major OS is huge and not any one programmer's fault most times.<br>
          Linux has the luxury of nobody reporting on most of it's patches and bug fixes but they are just as plentiful as Microsoft in relative terms. <br>
          Leopard could be approaching this number already, and their security patches are around 15 to 1, OSX to Vista. Linux the same....but they typically run in perpetual beta so they don't count. <br><br>
          Most of all, the security related patches are being double reported here and many of the other fixes as well were available in hotfix form along the way. <br>
          This story is sensationalized.
          • And you get this fact where????

            [i]Linux has the luxury of nobody reporting on most of it's patches and bug fixes but they are just as plentiful as Microsoft in relative terms.[-i]

            And you have proof of this? Where are the numbers?

            I thought so......
            linux for me
          • good point

            please, elaborate on this story. I am interested to see all the number as mentioned before. I mean this could mean big things for Vista, maybe i wont hate it so much anymore.

            ... how much is Microsoft paying you?? hehe jk jk.
          • Well

            Between those posted on reputable sites and the multiple vulnerability reporting mailing lists i'm on, I have to say that this is definately true. <br><br>
            By nobody reporting, i mean zdnet doesn't make a headline out of every gentoo bug fix or security flaw. <br>
            My main point is that most people viewing this site, with no prior exposure to zealots and the ABM attitude of the vast majority here that in many cases don't even use windows, they might just get the idea that Windows is horrible and Linux has not security problems or flaws of any kind. <br><br>
            Now, did you read my post closely? <br><br>
            I thought so. <br><br>
            If you had, you'd have noticed I said Linux has as many flaws and bugs relative to windows. That is to say, Windows has over 90% of the worldwide market, is a major target of hackers and the ecosystem and patch management at that level presents problems, unless you've worked with a very large integrated system, you might not have ever thought about or imagined. I have worked with a very large healthcare software vendor and i know when you have a very large marketshare and a fully integrated solution, patch management is simply much more difficult. But the economy of scale and many other advantages outweight that one downside. By far. <br>
            Now back to the "relative" part.....Linux has 1% of the desktop market,so right off it's easy to see that relatively speaking, they have their share of flaws and vulnerabilities for their small market presence. Now take the only OSS project that has gained any real traction on the desktop - Moxilla Firefox. I dare say, over the last few years the reported security issues are no less than IE in total. Look for yourself at secunia.
          • Not double reported

            I carefully corrected for any security bulletin that has an MS07 or MS08 designator on it, and I noted that some of these were delivered as updates via Windows Update.

            Before you go throwing accusations about sloppy research, you might check your own facts.
            Ed Bott
          • Where did I accuse you of "sloppy" research.?

            Before you jump to conclusions, you might want to take note of who reads your columns for the benefit of them, That would be me.
            I misunderstand a statement or two in your story is what it comes down to. I thought you pointed out that the security updates, as well as some of the bug fixes had been previously available. <br>
            Sorry about that, but i was making no accusation. Maybe i could have used a differetn subject line, but i had no intention of it being aimed at you or your research. <br>
          • "Sensationalized"

            That word does not mean what you think it means. Carefully counting fixes and delivering a report of that is not sensationalism.

            And double counting would have been sloppy research. That's why I didn't do it.
            Ed Bott
        • re: Bad programming is bad programming

          Microsoft has to deal with literally thousands of different configurations, and different programs. How many configurations does your programs have to deal with?
          • How many configurations?

            I donno. How many configurations does "Hello World" have?
            Duke E. Love
        • Depends on how you look at it...

          If other OS's were scrutinized the same as MS is they'd be in the same ball park too. And remember, we're not talking about a "piece" of software here, we're referring to an entire OS...much more complex and intricate than single-minded apps.
        • Um, think about what you just said.

          Have you ever written anything 1/100th as large and as complex as windows?

          Do you think they knew that all those bugs were there.

          Let me have at some of your software, I'm real good at finding bugs. I'll bet I would surprise you with how many there are.
    • Bicker, bicker, bicker...

      You people are B-O-O-O-O-R-I-N-G !!! Yes, ALL OSs are very comples pieces of software and they ALL have bugs =>> fixes. But the bottom line is that if cars and airplanes were built and sold the same way these OSs are, "Hurry up so we can grab the market share", and, IMO, MS is the worse to release stuff and let the users debug it for free... I repeate, if cars and planes were put in use in ths same fashion, NONE OF YOU WOULD GET ON A SINGLE ONE!!! It is WRONG to release crap just to make $$$, and I don't care which company does it.

      Ed, to do fair comparison between the first SP for V & XP, I MUST take into consideration, also, that XP *should have been* a teaching experience for MS... to come up with the same stuff seven years later shows either incompetence or lack of concern. I'm no trying to jump on your bones like they all are doing on you or each other, just thought that "experience plus time" is an important enough factor to take into account. Thanks for the article. Cheers.
      No name specified
  • You Forgot Two

    1 Uninstalls Windows Vista
    1 Reinstalls Windows XP Professional
  • Are you sure you have the real SP1??

    SJVN thinks MS is lying to you!

    The RTM bits are not the real RTM bits!

    Seriously though; Thanks for the list Ed!