Download March 2009 Security Release ISO Image for Vista SP1 and XP SP3

The Security Releases ISO Image for March 2009 is available for download, offering all the security bulletins released by Microsoft for all supported versions of the Windows platform just a couple of days ago through Windows Update, Microsoft Update and Automatic Updates. The DVD5 ISO image file brings to the table patches for no less than eight security vulnerabilities that the software giant resolved on March 10, but packaged to contain multiple individual language versions of each security update, according to Microsoft.The ISO allows for multiple security updates to be downloaded as a single package for all the localized versions of Windows, including Windows Vista SP1 and Windows XP SP3, but also Windows Server 2003 and Windows Server 2008.

“Of the eight vulnerabilities, only one is rated “Critical”—a remote code-execution vulnerability affecting the Windows kernel. This is a fairly serious issue, because a successful exploit will result in a complete compromise of the affected computer. The remaining issues, all rated “Important”, affect the Windows kernel, SChannel, and Windows WINS and DNS servers,” revealed Symantec’s Robert Keith.

The March 2009 Security Release ISO Image contains no less than four bulletins, namely MS09-006, MS09-008, MS09-007, and MS08-052. Microsoft has also included MS08-052 with this release of the ISO image, because it revised the contents on March 10. Of course, MS09-006, considered Critical because it can allow an attacker to perform remote code execution in the eventuality of a successful exploit, should be at the top of every patch priority list.

“A remote code-execution vulnerability affects the GDI component of the Windows kernel when handling malformed EMF or WMF files. Remote attackers can exploit this issue by tricking a victim into viewing a specially crafted image; this can occur simply by visiting a malicious web page or viewing a specially crafted email. Successful exploits will result in the execution of arbitrary attacker-supplied code with SYSTEM-level privileges,” Keith added.

March 2009 Security Release ISO Image is available for download here.

Windows 7 Embracing Vista Rejects

As far as software products are concerned, it's not just the solutions themselves that need to be tailored to the next iteration of Windows, it is also Windows 7 that needs to adapt in response. According to Microsoft, the goal with Windows 7 is not only to ensure that all Vista-compatible applications will continue to work, but that even broken apps will integrate seamlessly with the new operating system. The Redmond company is actually rescuing Windows Vista broken software and tailoring it to Windows 7. By making sure that Windows 7 embraces Vista rejects, the software giant is attempting to boost the level of application compatibility for the next version of the Windows client.

“Along with the core tenet of ensuring that any application that worked on Windows Vista also works on Windows 7 we have a stretch goal to “raise the bar” and make applications work on Windows 7 that never worked on Windows Vista. For Windows 7, we have some good news early in the development cycle. So far we have made over 30 applications that were “broken” on Vista work on Windows 7. This means that Windows 7 will have higher application compatibility than Windows Vista. We are continuing to push this number up,” revealed Grant George, the corporate vice president for testing in the Windows Experience team.

But Microsoft is not stopping at Windows 7. The company is also promising that, as possible, broken apps salvaged for Windows 7 will also be made to work for Windows Vista. In this context, the company is looking to ensure that the fixes introduced with Windows 7 will be backported to Vista, and has flagged the resolves for possible inclusion in future updates, although no timetable for compatibility refreshes was delivered.

“We look at applications in 3 buckets. Global ISV (GISV) Applications – Localized software sold by major ISVs in several international markets as well as the United States. Microsoft (MS) Localized Applications – Microsoft software that has been localized for use in other markets other than the United States. 3rd Party Local Applications – Software where the user interface language is not-English and the application is sold in non-English speaking markets,” Grant stated.

The challenge with Windows 7 is to adapt the platform to a worldwide audience via International Application Compatibility. Over 1,200 applications localized in no less than 25 markets have already been tested on Vista's successor. This means that Microsoft is ensuring that Windows 7 will play nice with no less than 300 applications on top of what Vista brought to the table.

“Testing applications means more than just installing them and making sure they launch,” Grant explained. “Every application gets a unique test plan written for it to cover as much functionality as we can. We write test cases to cover primary and secondary application functions – for our word processing example this would include opening a file, typing a letter, adjusting formatting, save, and print, emailing a copy to someone, etc. These applications go through 6 or more test passes during the product cycle.”