Just in case you needed a reason to upgrade

Feb 13, 2008 10:14 GMT

Well, if you needed a reason to upgrade from the RTM version of Microsoft's latest Windows client to Windows Vista SP1, added security is by all means a good one. Microsoft did tout the security enhancements that come with the move from Vista RTM to Vista SP1, and on February 12, 2008, the company gave ample examples of how adding the service pack to the original fabric of the operating system all but bulletproofs the platform.

The February 2008 Monthly Bulletin Release does not affect Windows Vista SP1 in the least. Out of the 11 security bulletins made available on February 12, designed to patch a total of 17 security vulnerabilities, 10 of which are labeled with a maximum severity rating of Critical, not a single one impacts Windows Vista SP1.

There are a total of six security bulletins designed to patch security vulnerabilities in Windows Vista, as well as in previously released versions of the Windows operating system, on both the client and the server side. For all six, the Non-Affected Software section of the documentation accompanying the security updates lists Windows Vista Service Pack 1 (all editions).

Windows Vista has not been so lucky. In fact, two security bulletins rated as Critical also address holes in the latest Windows client. Microsoft Security Bulletin MS08-008 - Critical: Vulnerability in OLE Automation Could Allow Remote Code Execution (947890) and Microsoft Security Bulletin MS08-007 - Critical: Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026) both plug Critical holes in Vista that can allow an attacker to execute code remotely on an affected operating system and to completely take over the platform.

"This critical security update resolves one privately reported vulnerability in the WebDAV Mini-Redirector. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This is a critical security update for all supported editions of Windows XP and Windows Vista and an important security update for all supported editions of Windows Server 2003," Microsoft revealed for MS08-007.

"This critical security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page. The vulnerability could be exploited through attacks on Object Linking and Embedding (OLE) Automation. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This is a critical security update for all supported editions of Microsoft Windows 2000, Windows XP, Windows Vista, Microsoft Office 2004 for Mac, and Visual Basic 6," the company added for MS08-008.

The remaining security bulletins affecting the Windows platform, Vista included, can be found via the links below:

- Microsoft Security Bulletin MS08-003 - Important: Vulnerability in Active Directory Could Allow Denial of Service (946538)
- Microsoft Security Bulletin MS08-004 - Important: Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)
- Microsoft Security Bulletin MS08-005 - Important: Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)
- Microsoft Security Bulletin MS08-006 - Important: Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)