14 DAY TRIAL // In the end, beating the old drum of Windows Vista as the most secure Windows operating system on the market, is nothing more than a marketing campaign. Microsoft has constantly been applauding Vista as an apex of security in relation not only to previous Windows releases, but also to rival platforms. But at the same time, while Jeff Jones, Security Strategy Director in Microsoft's Trustworthy Computing group, has proved an insatiable counter of operating system vulnerabilities, the Redmond company has managed to prove itself wrong. With the latest release of security patches, Microsoft issued fixes for no less than nine vulnerabilities impacting Windows Vista either directly or indirectly through the components that ship by default with the platform. The true measure of Vista's patching takes contour, as the operating system is affected by the vast majority of security updates designed to patch a total of 11 vulnerabilities.
"Microsoft released seven bulletins this month, covering a total of eleven vulnerabilities. Nine of the vulnerabilities affect Microsoft Vista either directly or through applications running on that operating system. The first three bulletins discuss seven client-side vulnerabilities rated 'Critical' by Microsoft. Four of those are vulnerabilities in Internet Explorer, two more affect DirectX, and the seventh is a vulnerability affecting the Windows Media Format Runtime. These issues do require some sort of user interaction (such as visiting a malicious Web page, opening a malicious email, or opening a malicious file), but can aid in the remote compromise of a victim's computer. Users are advised to use security best practices, including avoiding sites of unknown or questionable integrity", explained Rob Keith, Symantec Security Response Engineer.
Critical vulnerabilities in Server Message Block Version 2 and in DirectX take their tole on Windows Vista directly. And on top of them, four vulnerabilities in Internet Explorer 7 on Windows Vista have also been tagged with a maximum severity rating of Critical, as they allow for remote code execution in the eventuality of a successful exploit. An attacker could additionally gain elevation of privileges on Vista via a flaw in the Windows Kernel, as well as completely take over the operating system through a hole in Windows Media Format Runtime 11. "The remaining vulnerabilities (four issues rated as 'Important') are each documented in their own bulletin. They include vulnerabilities in MSMQ (Microsoft's Message Queuing Service), Vista's Server Message Block version 2 (SMBv2), and the Windows kernel. As well there is an update to a previously documented vulnerability in Macrovision SafeDisc (secdrv.sys)", Keith added.