Plugs 2 critical holes in XP SP3, 2 moderate in Vista SP1

Jan 14, 2009 11:04 GMT

Microsoft will leave a security vulnerability in Windows 7 unpatched until the next development milestone of the operating system, which, as far as the general public is concerned, will be the Release Candidate. The SMB Validation Denial of Service vulnerability is rated Moderate by the Redmond company, and Christopher Budd, security program manager in the Microsoft Security Response Center, explained that this was precisely why the issue had not been resolved alongside the patches provided for all supported versions of Windows. Windows 7 Beta Build 7000 was made available for download on January 10, 2009.

“We know that there might be some questions about the beta version of Windows 7 and today’s bulletin. Windows 7 is affected only by the SMB Validation Denial of Service Vulnerability (CVE-2008-4114) and, like Windows Vista and Windows Server 2008, would be rated as Moderate because the vulnerability would require authentication for any attack to succeed,” Budd stated.

“We provide security updates for beta versions of Windows through Windows Update for Critical issues only. So, the SMB Validation Denial of Service Vulnerability (CVE-2008-4114) will be addressed in the next public release for Windows 7.”

As initially planned, Microsoft offered a single security bulletin designed to patch vulnerabilities in all supported versions of the Windows operating system on January 13, 2009.

According to the software giant, the vulnerabilities patched by the security update expose users of Windows 2000, Windows Server 2003, and Windows XP, including SP2 and SP3, to the highest level of risk, as these platforms are affected by three holes: the SMB Buffer Overflow Remote Code Execution vulnerability, the SMB Validation Remote Code Execution vulnerability, and the SMB Validation Denial of Service vulnerability. Windows Vista and Windows Server 2008 are impacted by just the last two.

“We are releasing one new bulletin today, MS09-001. This bulletin is rated as ‘Critical’ for Windows 2000, Windows XP and Windows Server 2003, and is rated as ‘Moderate’ for Windows Vista and Windows Server 2008,” Budd added.

Windows 7 Beta is available for download here.