Microsoft lists critical Vista vulnerability among 12 flaws

Stan Beer
Wednesday, 14 February 2007 09:26

Your IT - Home IT

In one of its busier monthly security patching cycles, Microsoft has issued a total of 20 software patches to fix 12 security flaws, of which six flaws carried the most severe critical rating. One of the critical flaws affects the recently released Windows Vista operating system.

While just six of the flaws were tagged as critical, which means an attacker could remotely take complete control of  a system, 11 of the 12 flaws were found to potentially enable remote code execution if exploited.

The critical vulnerabilities spanned a wide range of Microsoft products, including Office, Word, Internet Explorer, Data Access Components and HTML Help ActiveX Control.

In addition a newly discovered critcial vulnerability was detailed in the Microsoft Malware Protection Engine, which affects the Windows Defender security package, including the Windows Vista version. Windows Defender is anti-spyware software, which has been included as part of Windows Vista and is available as a free download for Windows XP and other previous supported versions of Windows.

As Windows Defender is part of Vista, Microsoft has admitted that its new operating system could have been exploited prior to installation of the patch.

The fact that a critical security vulnerability has been found to involve Vista just two weeks after its commercial release to the consumer market raises questions as to how secure the new operating system will be when malware purveyors have a wider user base to target.