Vista SP1 Features the Same Sins as Windows Vista

[align=center][img]http://news.softpedia.com/images//newsrsz/Vista-SP1-Features-the-Same-Sins-as-Windows-Vista-2.png[/img][/align]

[font=Verdana][url=http://news.softpedia.com/news/Forget-about-Hacking-Techniques-The-New-Vista-SP1-RC-Refresh-Is-Publicly-Available-76092.shtml][b]Windows Vista Service Pack 1[/b][/url]comes with the same sins as Windows Vista. The service pack is not evenout the door, and is already putting users at risk. Microsoft hasplugged the first security holes in Vista SP1 as the service pack isstill in the Release Candidate Stage. In mid December the Redmondcompany opened up the testing process of Vista SP1 to all users. Andwith an install base over 100 million strong, the public ReleaseCandidate for SP1 is quite a popular item among Vista downloads,especially for users looking for a breath of fresh air from the expired Wow.

However, despite the fact that Microsoft has offered an impressive listof security enhancements in the documentation delivered alongside theservice pack, Vista SP1 is by no means bulletproof. Moreover, it seemsthat the service pack comes with some of the same vulnerabilities asthe RTM version of Vista. Case in point: a vulnerability in WindowsTCP/IP that can allow for remote code execution. On January 8, 2008,Microsoft released security bulletin MS08-001, labeled with a maximumseverity rating of Critical, addressing two vulnerabilities inTransmission Control Protocol/Internet Protocol (TCP/IP) processing.

And it seems that Vista SP1 features the Windows Kernel TCP/IP/IGMPv3and MLDv2 vulnerability just as Windows Vista. "A security issue hasbeen identified in TCPIP that could allow an attacker to compromiseyour Windows-based system and gain control over it. You can helpprotect your computer by installing this update from Microsoft. Afteryou install this item, you may have to restart your computer,"Microsoft revealed in the description of the Security Update forWindows Vista Service Pack 1 RC0.

And Windows Vista SP1 RC0 is not the only operating system in betatesting affected by the vulnerability. It seems that Windows Server2008 Release Candidate 0 is also affected by the flaw, and as suchMicrosoft has also patched the RC development milestone of its last32-bit server operating system. You will be able to download thepatches from the links below:

- Security Update for Windows Vista Service Pack 1 RC0 ([url=http://www.microsoft.com/downloads/details.aspx?FamilyID=10774e8b-8b20-4756-8a72-a315b127f2f0&DisplayLang=en]KB941644[/url])
- Security Update for Windows Vista Service Pack 1 RC0 for x64-based Systems ([url=http://www.microsoft.com/downloads/details.aspx?FamilyID=3391bae2-46e0-45f8-afdf-a0b5e1d4d484&DisplayLang=en]KB941644[/url])

- Security Update for Windows Server 2008 RC0 ([url=http://www.microsoft.com/downloads/details.aspx?FamilyID=28900f83-ff8a-4d9c-8fc7-a8beac0230d7&DisplayLang=en]KB941644[/url])
- Security Update for Windows Server 2008 RC0 for x64-based Systems ([url=http://www.microsoft.com/downloads/details.aspx?FamilyID=4395864f-fcc7-4735-9ee1-20fc167a311d&DisplayLang=en]KB941644[/url])
- Security Update for Windows Server 2008 RC0 for Itanium-based Systems ([url=http://www.microsoft.com/downloads/details.aspx?FamilyID=1efc161d-89c2-4f90-9ef6-e2de987cf4ce&DisplayLang=en]KB941644[/url])[/font]