Description: This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. All of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles the error resulting in the exploitable condition. Keep reading →

Microsoft posted the Security Bulletin Advance Notification for August 2008 today. In all, seven security updates are being released that affect the Windows Operating System, with five of them affecting Windows Vista. Three are ‘Important’, the other two ‘Critical’. Expect updates for the following issues on Tuesday, August 12th: Keep reading →

XP has required almost twice as many updates as Vista since Vista’s release, with Vista averaging only 1.5 per month. Keep reading →

Ed points out how all modern OSs need updates, and compared to others, Vista has needed far less. Keep reading →

Description: This security update resolves a publicly reported vulnerability in Windows Explorer that could allow remote code execution when a specially crafted saved-search file is opened and saved. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses these vulnerabilities by modifying the way that Windows Explorer parses saved searches. Keep reading →

Windows Vista application compatibility updates are software updates that address common application compatibility issues in Windows Vista. Microsoft regularly releases Windows Vista application compatibility updates. This article lists three ways to get the latest update, including links to the downloads. Keep reading →

As previously announced, Vista got 5 security updates yesterday. Three of them were ‘Critical’, while the other two were ‘Moderate’. In addition to those security updates, two non-security updates were released. One was for Media Center, the other for CEIP (Windows Vista Customer Experience Improvement Program). Keep reading →

The Windows Vista Customer Experience Improvement Program (CEIP) collects information about how you use Windows Vista. The Windows Vista CEIP also collects information about any problems that you experience when you use Windows Vista. Microsoft uses this information to improve the features that you use most frequently.

If you join the Windows Vista CEIP, Microsoft will use the information that is collected only to improve the software. Microsoft will not use this information to identify you or to contact you.

This article describes an update to the Windows Vista CEIP. This update configures the existing Windows Vista CEIP settings to improve the quality of the software-oriented information that is sent to Microsoft.

Description: This security update resolves two privately reported vulnerabilities in the Pragmatic General Multicast (PGM) protocol that could allow a denial of service if malformed PGM packets are received by an affected system. An attacker who successfully exploited this vulnerability could cause a user’s system to become non-responsive and to require a restart to restore functionality. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests. The security update addresses these vulnerabilities by modifying the way PGM parses malformed packets. Keep reading →

Description: This security update resolves two privately reported vulnerabilities in Microsoft DirectX that could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerability by modifying the way that DirectX handles MJPEG and SAMI format files. Keep reading →