Windows Server 2008

Windows 7 Service Pack 1: 39 Security Fixes, Few Major Changes

With Microsoft set to release the first Service Pack for its Windows 7 Operating System to the general public on Tuesday, businesses and consumers are preparing for an update that fixes hundreds of security and functional problems, but this Service Pack is more housekeeping than a radical home makeover when it comes to security. Microsoft released SP1 to its MSDN members and TechNet Subscribers on February 16. The company said at that time that general availability of SP1 would come on February 22. The release is the first major update for the Windows 7 operating system and for the Windows Server 2008 R2 platform, comprising more than 750 so-called “hot fixes” and 39 security fixes. However, unlike high stakes updates for earlier Windows versions, such as XP and Vista, Microsoft’s Service Pack 1 for Windows 7, Microsoft has avoided wholesale changes to Windows 7 in the name of security.Among the changes that customers get with Service Pack 1 are 32 security updates of varying degrees of severity and stretching back to 2009. They include high profile fixes like MS10-061, which closed a hole in the Windows Print Spooler Service that was used by the Stuxnet worm. In recent years, the Redmond, Washington software maker had fallen into a pattern of using service pack releases – especially its first service pack – to address major security issues and shortcomings. Perhaps the best example of that was the WIndows XP Service Pack 2, released in August 2004, which added a host of new security features including a desktop firewall, an early version of the company’s Data Execution Prevention (DEP) technology and the Windows Security Center, a GUI feature that allowed users to manage their security software from a central location. Service Pack 1 for Windows 7 and Windows Server 2008 R2 are scheduled to be made available from the Microsoft Download Center or Windows Update on Tuesday. 

Stage is Set for Vista Worm With SMB2 Flaw

From The Last Watchdog (Byron Acohido)

A strong dose of déjà vu enshrouds the heightened security advisory Microsoft issued today about the newly-disclosed SMB2 zero-day vulnerability in the Windows Vista and Windows Server 2008 operating systems. It was one year ago today — September 2008 — that Chinese malware brokers were spotted selling a $37 tool kit that allowed anyone to exploit a newly-disclosed RPC-DCOM vulnerability in Windows XP and Windows Server 2000. Read the full story [The Last Watchdog].

Five Critical Bulletins Coming on MS Patch Tuesday

Microsoft’s September batch of security updates will include fixes for a multiple “critical” vulnerabilities affecting the Windows operating system.

In all, the software maker will release five bulletins with patches for a range of flaws that could expose users to remote code execution attacks.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.