Critical vulnerabilities affect Vista and IE7

Oct 5, 2007 08:27 GMT  ·  By

Windows Vista has been widely applauded as the most secure Windows operating system on the market. And yet, new security holes in the platform show that Vista is neither foolproof nor perfect. Despite the strong emphasis it placed on security, Microsoft did in fact acknowledge that Vista is no silver bullet, and that additional security solutions still have to be made an integral part of the operating system. This is because all the mitigations introduced in Vista, together with the Security Development Lifecycle, are by no means equivalent to a full guarantee of bulletproof security.

Case in point: in October, Microsoft is preparing no fewer than three security bulletins impacting Windows Vista. Two of the updates are designed to patch critical vulnerabilities in the operating system. The Redmond company rates a security flaw as critical when a successful exploit can lead to remote code execution and the complete takeover of the operating system. According to Microsoft, both the 32-bit and 64-bit editions of Windows Vista are affected by a critical vulnerability.

The remaining critical flaw resides in the Internet Explorer 7 browser that ships by default with the platform, for both the x86 and x64 SKUs. Vista can also be attacked via a vulnerability in Windows Mail, the default email client built into the operating system. However, that last flaw carries a security rating of important. The security flaws in IE7 and Windows Mail yet again raise the question of whether vulnerabilities in the default components of Vista should be considered as impacting the operating system. On October 9, Microsoft plans to make available a total of four Critical and three Important security bulletins affecting a range of products.

"We're currently planning to release seven security bulletins: five Microsoft Security Bulletins affecting Microsoft Windows with a Maximum Severity rating of Critical; one Microsoft Security Bulletin affecting Microsoft Office with a Maximum Severity rating of Critical; and one Microsoft Security Bulletin affecting Microsoft Windows and Microsoft Office with a Maximum Severity rating of Important," revealed Christopher Budd, Microsoft Security Program Manager.