Critical Vista Flaw Leads Patch Tuesday Lineup

Update, April 11, 12:06 p.m.: An earlier version of this post incorrectly stated that Microsoft had re-issued a patch that it originally released on Tuesday, Apr. 3. The text below has been changed.

Original post:

Microsoft Corp. today issued a bundle of software updates to fix at least eight security flaws in its software, including a patch that plugs another dangerous vulnerability in Windows Vista. The free updates are available either from the Microsoft Update Web site or by turning on automatic updates.

This is the second time in a week that the company has shipped a patch to address a "critical" flaw in Vista. Microsoft labels security holes "critical" if they could be exploited by attackers to gain complete control over a vulnerable system through no action on the part of the victim. Last Tuesday, Microsoft pushed out an emergency fix to correct a bug in Vista and Windows XP that hackers have been actively exploiting to attack Windows users.

Security experts were quick to seize upon the Vista flaw as a harbinger of things to come. Amol Sarwate, manager of vulnerability research for security software vendor Qualys, said the most-recent Vista hole to be documented is merely "the beginning of the weaknesses that we will see this year with Vista" and that Microsoft's reuse of code from previous versions of Windows threatens to weaken Microsoft's much-vaunted work on building security into its flagship operating system.


Article Source: http://blog.washingtonpost.com/securityfix/2007/04/critical_vista_flaw_leads_patc.html