Users are advised to apply the security updates as soon as possible

Oct 14, 2009 13:36 GMT

Microsoft has made available five security bulletins that affect the latest iteration of the Windows client, nine days away from the official general availability deadline of the product. Windows 7 was released to manufacturing on July 22nd, and is scheduled to hit the shelves next week, on October 22nd. October 13th marked the first security updates released for the successor of Windows Vista since the RTM almost three months ago.

According to Microsoft, two of the five bulletins designed to resolve security issues in Windows 7 carry the maximum severity rating of Critical, meaning that the vulnerabilities they patch could allow remote code execution without user interaction if an attack succeeds. The five patch packages plug a variety of security holes: some were reported privately to Microsoft, others have details already available to the public, and one issue has already been exploited in the wild.

Customers running Windows 7 RTM are advised to patch their operating systems immediately, and it will not be uncommon for users booting the OS for the first time next week to start by applying patches and updates distributed via Windows Update. The best way to grab the security updates for Windows 7 is through Windows Update, but I have also included the download links at the bottom of this article for those of you who prefer a hands-on approach.

Of the five security bulletins that impact Windows 7, two stand out. Microsoft Security Bulletin MS09-054 and Microsoft Security Bulletin MS09-061 are both rated Critical, and deliver fixes for Internet Explorer 8-related vulnerabilities and for Microsoft .NET Common Language Runtime flaws, respectively.

MS09-054 – “resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,” Microsoft explained.

MS09-061 – “resolves three privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in persuading a user to run a specially crafted Microsoft .NET application,” the company stated.

The remaining bulletins that affect Windows 7 RTM, MS09-055, MS09-056 and MS09-059, are all rated Important for the latest version of the Windows client, and deal with vulnerabilities in ActiveX, Windows CryptoAPI, and the Local Security Authority Subsystem Service, respectively.

Here are the download links:

- Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB974455)
- Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB974455)
- Cumulative Security Update for Internet Explorer 8 for Windows 7 IDX (KB974455)
- Cumulative Security Update for Internet Explorer 8 in Windows 7 Release Candidate for x64-based Systems (KB974455)
- Cumulative Security Update for Internet Explorer 8 in Windows 7 IDX for x64-based Systems (KB974455)
- Cumulative Security Update for Internet Explorer 8 in Windows 7 Release Candidate (KB974455)
- Cumulative Security Update for ActiveX Killbits for Windows 7 IDX for x64-based Systems (KB973525)
- Cumulative Security Update for ActiveX Killbits for Windows 7 IDX (KB973525)
- Security Update for Windows 7 (KB974571)
- Security Update for Windows 7 for x64-based Systems (KB974571)
- Security Update for Windows 7 Release Candidate (KB975517)
- Security Update for Windows 7 Release Candidate for x64-based Systems (KB975517)
- Cumulative Security Update for ActiveX Killbits for Windows 7 Release Candidate (KB973525)
- Cumulative Security Update for ActiveX Killbits for Windows 7 Release Candidate for x64-based Systems (KB973525)
- Cumulative Security Update for ActiveX Killbits for Windows 7 (KB973525)
- Cumulative Security Update for ActiveX Killbits for Windows 7 for x64-based Systems (KB973525)
- .NET Framework 2.0 Service Pack 2 CLR Security Update for Windows 7 IDX
- .NET Framework 2.0 Service Pack 2 CLR Security Update for Windows 7 Release Candidate