XP SP3 and Vista SP1 Hit with New Round of Critical Vulnerabilities

At the start of July, Kevin Turner, Microsoft Chief Operating Officer, revealed that the Redmond company considers Windows Vista an apex of security, and in this sense, superior to Mac OS X, Linux, the whole of open source and even Windows XP. Yet this perspective is not sufficient to take either Vista or XP out of the equation of Microsoft software products hit by Critical vulnerabilities. In fact, Microsoft is gearing up to release a new round of patches for a variety of its products including Windows Vista Service Pack 1 and Windows XP Service Pack 3. The Redmond giant is cooking no less than 12 packages of security updates scheduled for release on August 12.

"I did want to remind you that this information is intended to help with your planning for testing and deployment for next week's release. It is preliminary information and it is subject to change," revealed Christopher Budd, Security Program Manager Microsoft Security Response Center. "As part of our regularly scheduled bulletin release, we're currently planning to release seven Microsoft Security Bulletins with maximum severity of Critical, and five with maximum severity of Important. These updates may require a restart and will be detectable using the newly released version of the Microsoft Baseline Security Analyzer. As we do each month, we'll be releasing an updated version of the Microsoft Windows Malicious Software Removal Tool."

32-bit Windows XP SP2 and SP3, as well as 64-bit XP and XP SP2 are directly impacted by one Critical and one Important vulnerabilities. Indirectly, the operating systems could also be affected by attacks leveraging Critical holes in Internet Explorer 6 and 7 and Windows Media Player 11, and two Important flaws in outlook Express and Windows Messenger 4.7 and 5.1.

Users running Windows Vista RTM or SP1 are at risk from attacks designed to exploit a pair of Important vulnerabilities in the latest Windows client. Windows Mail, which is a default component of Windows Vista, also features security holes labeled with a severity rating of Important. However, the Critical vulnerabilities in IE7 and Windows Media Player 11, included by default into the operating system, can act as vectors for attacks.