Microsoft will, for the first time ever, release updates designed to fix security vulnerabilities in the gold version of its latest Windows client. Throughout the development process, early adopters and testers of Windows 7 Beta Build 7000 and Release Candidate (RC) Build 7100 have been able, on more than one occasion, to download patches for Critical security updates for the successor of Windows Vista. It is Microsoft’s official policy to provide security updates only for Critical vulnerabilities even for its software products that are in pre-release stage. But come next week, Windows 7 will get its first patches for security holes that have been discovered after the operating system was released to manufacturing.

The Windows 7 code was signed off on July 22nd, 2009, and the general availability date is set for October 22nd. In this context, Microsoft is offering the first Windows 7 RTM patches even before the operating system is available to the public. Still, there are quite a few customer groups, including MSDN and TechNet subscribers, that are already running Windows 7 RTM as their main OS (I for one, know I am) and who welcome the patch release.

According to the preliminary information made available by the software giant, no less than five security bulletins that are scheduled for release on October 13th, 2009 will affect Windows 7 RTM, both the 32-bit (x86) and 64-bit (x64) flavors. Only one of the five patch packages comes with a maximum severity rating of Critical, and in fact it is designed to resolve a security problem in Internet Explorer 8. The remaining four security bulletins for Windows 7 are rated only Important by Microsoft.

But the first security bulletins for Windows 7 RTM are also synonymous with a victory for the latest Windows client in comparison to Windows XP and Windows Vista. In contrast with Windows 7, XP is affected by nine security bulletins, six of which Critical. In addition, eight of the ten security patches for Windows target Vista, five Critical.

“For October we are releasing 13 bulletins (eight critical and five important), addressing 34 vulnerabilities, affecting Windows, Internet Explorer, Office, Silverlight, Forefront, Developer Tools, and SQL Server. Most of these updates require a restart so please factor that into your deployment planning. Among the updates this month, we are closing out two current security advisories: Vulnerabilities in SMB Could Allow Remote Code Execution (975497); Vulnerabilities in the FTP Service in Internet Information Services (975191). Usually we do not go into this level of detail in the advance notification but we felt that it is important guidance so customers can plan accordingly and deploy these updates as soon as possible,” revealed Jerry Bryant, Microsoft security program manager.