14 DAY TRIAL // Early adopters running the latest release of Windows 7 Service Pack 1 will also need to deploy the first patches offered for Windows in 2011. Specifically, testers will have to make sure that Microsoft Security Bulletin MS11-002 is installed as it is designed to patch a Critical vulnerability which also affects the Release Candidate (RC) of Windows 7 SP1.
Bulletin MS11-002 is set up to resolve two privately reported security holes in Microsoft Data Access Components. According to Microsoft, customers running the pre-release version of Windows 7 SP1 are also impacted by the patches.
Of course, it’s not uncommon for the software giant to release security updates for software that is still in development, especially if the patches are designed to resolve Critical issues.
“Windows 7 Service Pack 1 Beta and Windows Server 2008 R2 Service Pack 1 Beta are affected by the vulnerabilities described in this bulletin. Customers running these beta releases are encouraged to download and apply the update to their systems.
“Security updates are available from Microsoft Update and Windows Update. The security update is also available for download from the Microsoft Download Center,” the Redmond company.
ADO Record Memory Vulnerability - CVE-2011-0027 is the most severe out of the two security problems resolved by MS11-002.
The software giant confirmed that this is a remote code execution vulnerability, associated with Microsoft Data Access Components validation of memory allocation.
“This vulnerability could allow code execution if a user visited a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,” Microsoft explained.
Windows 7 SP1 RC was released at the end of October 2010 and continues to be available for download to testers. The RTM version of the first upgrade to Windows 7 is expected by the end of March 2011.
Windows 7 Service Pack 1 (SP1) Release Candidate (RC) Build 7601.17105.100929-1730 and Windows Server 2008 R2 Service Pack 1 (SP1) Release Candidate (RC) Build 7601.17105.100929-1730 are available for download here.