Microsoft plugs the first security hole in Vista SP1

Jan 16, 2008 15:54 GMT

Windows Vista Service Pack 1 comes with the same sins as Windows Vista. The service pack is not even out the door, and it is already putting users at risk. Microsoft has plugged the first security holes in Vista SP1 while the service pack is still in the Release Candidate stage. In mid-December the Redmond company opened up the testing process of Vista SP1 to all users. And with an install base over 100 million strong, the public Release Candidate for SP1 is quite a popular item among Vista downloads, especially for users looking for a breath of fresh air from the expired Wow.

However, despite the fact that Microsoft has offered an impressive list of security enhancements in the documentation delivered alongside the service pack, Vista SP1 is by no means bulletproof. Moreover, it seems that the service pack comes with some of the same vulnerabilities as the RTM version of Vista. Case in point: a vulnerability in Windows TCP/IP that can allow for remote code execution. On January 8, 2008, Microsoft released security bulletin MS08-001, labeled with a maximum severity rating of Critical, addressing two vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing.

And it seems that Vista SP1 features the Windows Kernel TCP/IP/IGMPv3 and MLDv2 vulnerability just as Windows Vista does. "A security issue has been identified in TCPIP that could allow an attacker to compromise your Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer," Microsoft revealed in the description of the Security Update for Windows Vista Service Pack 1 RC0.

And Windows Vista SP1 RC0 is not the only operating system in beta testing affected by the vulnerability. It seems that Windows Server 2008 Release Candidate 0 is also affected by the flaw, and as such Microsoft has also patched the RC development milestone of its last 32-bit server operating system. You will be able to download the patches from the links below:

- Security Update for Windows Vista Service Pack 1 RC0 (KB941644)
- Security Update for Windows Vista Service Pack 1 RC0 for x64-based Systems (KB941644)
- Security Update for Windows Server 2008 RC0 (KB941644)
- Security Update for Windows Server 2008 RC0 for x64-based Systems (KB941644)
- Security Update for Windows Server 2008 RC0 for Itanium-based Systems (KB941644)