Microsoft Discloses Security Bugs in Vista Gadgets

Microsoft’s August security patches, released today, provide a new chance to assess the company’s promise of higher security in Windows Vista. The company released six critical security bulletins, and Windows Vista is among the versions affected by three of them.

Two of the critical bulletins involve earlier Windows versions, but not Windows Vista, suggesting that Microsoft avoided those problems in the new operating system.

But one of the three bulletins with the lower ranking of “important” affects Windows Vista alone. And it’s an interesting one, dealing with RSS feeds and Windows Vista Gadgets. Read more for the executive summary.

“This essential security refresh settles two secretly announced vulnerabilities notwithstanding different vulnerabilities distinguished over the span of the examination. These vulnerabilities could enable a mysterious remote assailant to run code with the benefits of the signed on the client. If a client subscribed to a vindictive RSS channel in the Feed Headlines Gadget or included a malevolent contacts document in the Contacts Gadget or a client tapped on a pernicious connection in the Weather Gadget an aggressor could possibly run code on the system. In all assault vectors, clients whose records are arranged to have fewer client rights on the framework could be less affected than clients who work with managerial client rights.”

Gadgets are the small applications on the Vista desktop that provide snippets of information such as the time, weather and news headlines. Microsoft credits Aviv Raff of Finjan and Joshua Drake of iDefense Labs for finding elements of those problems.

One of the other “important” bulletins involves Windows Media Player, in Windows versions including Vista. And the third involves Virtual PC and Virtual Server.
