2008: Year of the Vista Patch?

Just moments after Microsoft rolled out its last seven patches of 2007, security experts were prognosticating all over cyberspace, mainly pointing out the overwhelming number of fixes related to the Vista operating system in the December release alone.

Eric Schultze, chief technology officer of St. Paul, Minn.-based Shavlik Technologies, even went so far as to say 2008 would be the year of the "Vista Patch."

It looks like IT pros won't even have to wait that long to get a gander at some of the holes to be plugged via hotfixes and security patches in the forthcoming Vista SP 1 release. Microsoft last week released a comprehensive list of more than 300 security hotfixes to be included in SP1.

Many of the fixes--ranging from the OS itself to related applications and services such as Internet Explorer, Excel, Visual Studio, and even Unix migration--are already in existence from successive Patch Tuesdays and can be downloaded and patched individually. But there are lots of new issues as well.

"Given what we've seen, what we are seeing and what we will see with this operating system, I would certainly expect the coming year to be full of Vista Patches," said Schultze.

According to Redmond, among the major aspects of SP1 will be improved remote security, especially regarding Remote Desktop Protocol files. RemoteApp programs can be accessed remotely through Terminal Services but appear as if they're running on the end user's local PC. Redmond is stepping up its commitment to security for desktop users communicating with servers running Terminal Services.

SP1 will also enhance OS performance on PCs connected to virtual private networks and other virtual machine peripherals, according to the software giant.

Additionally, as previously reported, application programming interfaces (APIs) will be configured in SP1 to help independent software vendors develop programs and applications extending the functionality of the Windows kernel. BitLocker encryption and a revamped Windows Security Center are also on that list.

As with all patch announcements and releases from Redmond, the list is subject to change, either contracting or expanding ahead of the official release of the service pack. Microsoft also stated in the list's abstract that "newer hotfixes and security updates will continue to be included in the Service Pack until closer to the release date."

About the Author

Jabulani Leffall is a business consultant and an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others. He consulted for Deloitte & Touche LLP and was a business and world affairs commentator on ABC and CNN.

Featured

  • abstract smartphone translucent screen displaying AI interface

    Apple Introduces Redesigned Siri AI

    At its recent Worldwide Developers Conference, Apple introduced Siri AI, a redesigned version of its voice assistant that Apple describes in its own announcement as "a profoundly more capable and personal assistant." The update is intended to make Siri more conversational, more context-aware, and more useful across iPhone, iPad, Mac, Apple Watch, and Vision Pro.

  • silhouette of business person facing wall of data

    Why AI Strategy Belongs in the President's Office

    Institutions that are succeeding with AI share one thing in common, and it is not a better committee, a larger budget, or a more sophisticated technology stack. It is a president who never handed off the steering wheel.

  • Blue digital wireframe classical building structure

    Before AI, Fix Your Data

    Institutions don't have to solve every data problem before they can begin using AI responsibly. But they do need to treat information as a strategic asset — not a byproduct of operations — and start building toward AI-ready data now.

  • Jason Palm

    AI, Identity, and Speed: Cybersecurity Priorities for Higher Ed

    Fortinet Security Operations Specialist Jason Palm explains how AI is raising new security challenges for higher education, requiring stronger governance, identity protection, threat detection, automation, and incident readiness.