Vista receives more security updates

Last night Microsoft released several security and reliabilty updates for Windows Vista.

Most of the updates were minor in that they fixed compatibility/rare stability issues. However, some were classed as "important" by Microsoft update (as opposed to "recommended"). None were listed as "critical".

Ironically there was an update to XML core services which was solely to fix the issues that a previous update had caused. The original update addressed some vulnerabilities in Office, Windows media player and Internet Explorer.

Another 2 updates were made to Vista and Internet Explorer to patch a vulnerability that allowed a user to gain control of the system. Why this was listed as important and not critical I am not sure. The Vista update is perhaps not "critical" as it was a single "privately reported vulnerability" about potential Denial of Service problem rather than something that was in active use by hackers or easy to carry out.

The Internet Explorer cumulative update although only listed as "important" on the update is shown as Critical on the Microsoft Security Bulletin MS07-057 which states the update resolves 3 privately reported and 2 publicly disclosed vulnerabilities. The most serious of these vulnerabilities was that a clever person could craft a web page that if viewed using Internet Explorer could allow remote code execution and allow the hacker to take control of the users system. The update was rated critical for all windows versions running IE6 or IE7 except windows Server 2003 in which it was rated moderate.

The Malicious Software Removal Tool received an update and immediately scans for potentially harmful software - this causes the update to take longer than expected.

Updates also included one for windows media player to prevent lock-ups and database corruption that can occur in certain scenarios. Two updates to Outlooks Junk mail filter to help catch more spam.