Description: This security update resolves a publicly reported vulnerability in Windows Explorer that could allow remote code execution when a specially crafted saved-search file is opened and saved. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses these vulnerabilities by modifying the way that Windows Explorer parses saved searches. Keep reading →

Windows Vista application compatibility updates are software updates that address common application compatibility issues in Windows Vista. Microsoft regularly releases Windows Vista application compatibility updates. This article lists three ways to get the latest update, including links to the downloads. Keep reading →

As previously announced, Vista got 5 security updates yesterday. Three of them were ‘Critical’, while the other two were ‘Moderate’. In addition to those security updates, two non-security updates were released. One was for Media Center, the other for CEIP (Windows Vista Customer Experience Improvement Program). Keep reading →

The Windows Vista Customer Experience Improvement Program (CEIP) collects information about how you use Windows Vista. The Windows Vista CEIP also collects information about any problems that you experience when you use Windows Vista. Microsoft uses this information to improve the features that you use most frequently.

If you join the Windows Vista CEIP, Microsoft will use the information that is collected only to improve the software. Microsoft will not use this information to identify you or to contact you.

This article describes an update to the Windows Vista CEIP. This update configures the existing Windows Vista CEIP settings to improve the quality of the software-oriented information that is sent to Microsoft.

Description: This security update resolves two privately reported vulnerabilities in the Pragmatic General Multicast (PGM) protocol that could allow a denial of service if malformed PGM packets are received by an affected system. An attacker who successfully exploited this vulnerability could cause a user’s system to become non-responsive and to require a restart to restore functionality. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests. The security update addresses these vulnerabilities by modifying the way PGM parses malformed packets. Keep reading →

Description: This security update resolves two privately reported vulnerabilities in Microsoft DirectX that could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerability by modifying the way that DirectX handles MJPEG and SAMI format files. Keep reading →

Description: This security update resolves a publicly reported vulnerability for the Microsoft Speech API. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer and has the Speech Recognition feature in Windows enabled. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes a kill bit for software produced by BackWeb. The security update addresses the vulnerability by setting a kill bit so the vulnerable controls do not run in Internet Explorer. Keep reading →

Description: This security update resolves one privately reported and one publicly disclosed vulnerability. The privately reported vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The publicly disclosed vulnerability could allow information disclosure if a user viewed a specially crafted Web page using Internet Explorer. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles calls to HTML objects and validates data. Keep reading →

Description: This security update resolves a privately reported vulnerability in the Bluetooth stack in Windows that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by modifying the way that the Bluetooth stack handles a large number of service description requests. Keep reading →

Vista hasn’t escaped the need for security updates in the month of June. All together, five updates affect Windows Vista; three critical, and two moderate. All updates affect both 32 and 64-bit systems, and it doesn’t matter if you have SP1 installed or not. Keep reading →