14 DAY TRIAL // The Microsoft Security Bulletin Summary for May 2007 features only a few mentions of Windows Vista. And the fact of the matter is that none of the 19 vulnerabilities patched in no less than 7 Critical security bulletins directly impact Microsoft's latest operating system.
However, it is a question of nuance, and one that is repeating itself. Back in February 2007, two weeks after Windows Vista had hit the shelves, Microsoft issued a security patch for a critical vulnerability in the Malware Protection Engine.
And the flaw affecting Malware Protection Engine automatically impacts Windows Defender as the engine is the foundation for all of Microsoft's security solutions, including Windows Live OneCare and the Antigen and Forefront suites. Perspective and nuance aside, Windows Vista ships with Windows Defender. There is no way of removing or uninstalling Windows Defender from Vista. Microsoft only allows users and third-party security products to disable the product.
As such, can a vulnerability in one of the components built in the operating system be a Vista vulnerability? This can of course be argued both ways, and it is easy to spot Microsoft's position on this one. Today, a similar scenario places Internet Explorer 7 on Vista in the spotlight. Sure, the Vista code is unscratched, but that does not mean that the operating system is not affected, that it cannot be completely compromised using IE7 as an attack vector.
"Just like last month, security holes are being found which impact Windows users, including adopters of Microsoft Windows Vista," said Graham Cluley, senior technology consultant at Sophos. "Whether you are using the latest version of Windows or not, it makes sense to keep up-to-date with the latest security patches and roll them out across your business as a matter of priority. Hackers have shown no mercy in the past taking advantages of vulnerabilities in Microsoft's code, and taking action now will help defend your network and keep your company out of trouble."