Microsoft issues first Windows 7 beta patch
But it skips offering SMB patch because it's not critical
Computerworld - Microsoft Corp. today issued its first patch for the just-released Windows 7 beta, but it passed on plugging a hole in an important file-sharing protocol that it fixed in older versions of the operating system.
Earlier today, Windows Update, Microsoft's primary update service, began delivering the first patch to Windows 7 since the company struggled to launch the public beta last Friday. The update fixes a flaw that shaves several seconds of audio from any MP3 file that's edited, including files modified automatically as users connect to the Internet.
"Without action on your part, all MP3 files that have large headers in your Windows Media Player and Windows Media Center libraries are likely to lose some audio," Microsoft said in the support document it published Saturday, several days after it first posted the fix to its MSND and TechNet subscription services.
Before today, users who wanted to apply the fix had to find it, download it manually and install it themselves.
Microsoft also recommended that users back up all MP3 files before doing an upgrade to Windows 7 from Windows Vista, and that they set all of them to "read-only" status by right-clicking each file in Windows Explorer and then clicking the General tab and selecting the "Read-only" box. Failing that, users should disable metadata automatic updates in Windows Media Player, Microsoft said.
At the same time, it quashed the MP3 bug, however, Microsoft ignored a vulnerability in the Server Message Block (SMB) protocol that affects every version of Windows, including Windows 7.
Microsoft explained why the flaw went unfixed. "We provide security updates for beta versions of Windows through Windows Update for Critical issues only," said Christopher Budd, a spokesman for the Microsoft Security Response Center (MSRC), in a post to the group's blog today. "So the vulnerability will be addressed in the next public release for Windows 7."
Of the three bugs patched by the MS09-001 security update today, just one is pertinent to Windows 7, Budd added. That vulnerability, designated as CVE-2008-4114, is a denial-of-service bug rated "moderate," the second step in Microsoft's four-level scoring system.
The remaining two vulnerabilities -- both labeled "critical" by Microsoft -- affect Windows 2000, XP and Server 2003; one of them also affects Windows Vista and Server 2008.
Windows 7: Vista Reloaded
- Microsoft ditches Windows 7 beta download limit
- Preston Gralla: Why XP owners won't love 7
- Microsoft restarts botched Windows 7 beta downloads
- Barbara Krasnoff: Will Windows 7 win back our hearts and minds?
- Review: Windows 7 Beta 1 shows off new task bar, more UI goodies
- Microsoft's site overwhelmed by would-be Windows 7 downloaders
- FAQ: How to get the Windows 7 beta
- Report: Microsoft to do free Windows 7 upgrades
Read more about Security in Computerworld's Security Topic Center.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts