KB958690

This security update resolves several privately reported vulnerabilities in the Windows kernel. The most serious vulnerability could allow remote code execution if a user viewed a specially crafted EMF or WMF image file from an affected system. The security update addresses the vulnerabilities by validating input passed from user mode through the kernel component of GDI, correcting the way that the kernel validates handles, and changing the way that the Windows kernel handles specially crafted invalid pointers.

TechBlog: Windows 7 beta users to get updates that aren’t updates

Microsoft is testing the update feature in Windows 7 be sending ‘blank’ updates that don’t actually add new features or fixes. More »

KB961260

This security update resolves two privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles the error resulting in the exploitable condition.

Note that the Security Bulletin lists this update as Critical for Internet Explorer 7 in Windows Vista. It makes no mention of Internet Explorer 8, or of Windows 7 Beta, so it is unclear what the severity of this vulnerability is with IE8 on Windows 7 Beta.

• Uninitialized Memory Corruption Vulnerability – CVE-2009-0075
• CSS Memory Corruption Vulnerability – CVE-2009-0076

Windows 7: Windows 7 Beta Patch Fixes MP3 Bug

The patch, which was available via TechNet when I downloaded Windows 7 Beta, or was available after by running Windows Update, is now being pushed. More »

The Microsoft Security Response Center (MSRC) : January 2009 Monthly Bulletin Release

Windows 7 is affected by the SMB Validation Denial of Service Vulnerability (CVE-2008-4114) and would be rated as Moderate because the vulnerability would require authentication for any attack to succeed. Microsoft provides security updates for beta versions of Windows through Windows Update for Critical issues only. So the SMB Validation Denial of Service Vulnerability (CVE-2008-4114) will be addressed in the next public release for Windows 7. More »

KB961367

An update is available for Windows Media Center and Windows Media Player in Windows 7 Beta. This update addresses some issues with Windows Media Center playback, recording, and MP3 file support in Windows. More »

KB960714

This security update resolves a publicly disclosed vulnerability. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerability by modifying the way Internet Explorer validates data binding parameters and handles the error resulting in the exploitable condition. More »

KB958456

This article introduces an update to improve the reliability and operation of an external NTFS drive. After you install this update, you may have to restart your computer.

Download details: Security Update for Windows 7 Beta (KB958644)

The first patch for Windows 7! Windows6.1-KB958644-x86.msu stops a vulnerability that could allow an authenticated remote attacker to compromise your computer and gain control over it. More »