Microsoft has released a couple of patches for Windows Vista after realising that the pre-release OS is vulnerable to some of the security bugs addressed in its last (mammoth) Patch Tuesday update cycle.

Of the seven critical Windows updates released in August, two (MS06-042 (http://www.microsoft.com/technet/security/Bulletin/MS06-042.mspx) and MS06-051 (http://www.microsoft.com/technet/security/Bulletin/MS06-051.mspx)) also affect Windows Vista Beta 2 or later, prompting the release of additional patches.

The most threatening of the Windows flaws addressed on 8 August (MS06-040 (http://www.microsoft.com/technet/security/Bulletin/MS06-040.mspx)) - the subject of active malware exploitation over recent days - leaves Vista untouched.

The two necessary fixes for Vista have been released through Windows Update. Microsoft may issue additional patches for Vista, in response to future security threats, but there'll be a hiatus in patches between the end of the beta testing period and the final shipment of the OS, due early next year.

"Windows Vista is the first major Microsoft product release that will be serviced with security updates throughout the beta process. We are committed to release Windows Vista updates for all MSRC critical class issues that may arise during the beta testing period. We strive to release any Windows Vista updates as soon as possible, but our priority will be to release the updates for Windows products that have been released to manufacturing," explained Alex Heaton of the Windows Vista Security team in a blog posting (http://blogs.msdn.com/windowsvistasecurity/archive/2006/08/15/701306.aspx).

In other Patch Tuesday-related news, Microsoft said (http://blogs.technet.com/msrc/archive/2006/08/16/447023.aspx) it would release an Internet Explorer patch (MS06-042) next week after reported problems with the update for some IE users. Internet Explorer 6 Service Pack One systems were the focus of this glitch and the target of the forthcoming update, which leaves Vista Beta users in the clear...at least for now. ®

Related stories

Deployment bug mars Patch Tuesday (17 June 2008)
http://www.theregister.co.uk/2008/06/17/patch_tuesday_deployment_glitch/
Fight malware by upgrading to Vista, urges MS (23 October 2007)
http://www.theregister.co.uk/2007/10/23/rsa_vista_security_pitch/
MS tweaks Vista with minor updates (30 August 2007)
http://www.theregister.co.uk/2007/08/30/vista_fixes/
MS fast-tracks Vista service pack (26 January 2007)
http://www.theregister.co.uk/2007/01/26/vista_sp1/
VeriSign offer bounty on Vista and IE7 bugs (11 January 2007)
http://www.theregister.co.uk/2007/01/11/idefense_bug_bounty/
MS sees out year with another Vista attack (28 December 2006)
http://www.theregister.co.uk/2006/12/28/ms_investigates_vista_attack/
Three critical patches star in MS update (13 December 2006)
http://www.theregister.co.uk/2006/12/13/ms_patch_tuesday/
MS preps six fixes for November Patch Tuesday (10 November 2006)
http://www.theregister.co.uk/2006/11/10/nov_patch_tuesday-pre-alert/
Windows Update glitches derail Patch Tuesday (11 October 2006)
http://www.theregister.co.uk/2006/10/11/october_patch_tuesday/
Microsoft Vista final beta released (9 October 2006)
http://www.theregister.co.uk/2006/10/09/vista_final_beta/
Busy Patch Tuesday looms (6 October 2006)
http://www.theregister.co.uk/2006/10/06/october_patch_tuesday_pre-notice/
Patch Tuesday omits critical Word fix (14 September 2006)
http://www.theregister.co.uk/2006/09/14/ms_patch_tuesday/
Windows Vista pricing favors PC upgrades (6 September 2006)
http://www.theregister.co.uk/2006/09/06/windows_vita_prices/
Microsoft Canada spills Vista pricing (29 August 2006)
http://www.theregister.co.uk/2006/08/29/ms_vista_canada/
Linux patch becomes terminal pain (26 August 2006)
http://www.theregister.co.uk/2006/08/26/linux_update_shocker/
MS finally patches IE patch (25 August 2006)
http://www.theregister.co.uk/2006/08/25/ie_repatch/
Microsoft flaw fix opens users to attack (24 August 2006)
http://www.theregister.co.uk/2006/08/24/microsoft_flaw_update/
Trojan exploits unpatched PowerPoint vulnerability (21 August 2006)
http://www.theregister.co.uk/2006/08/21/trojan_exploits_ppt_vuln/
MS releases dirty dozen (9 August 2006)
http://www.theregister.co.uk/2006/08/09/ms_patch_tuesday/
Stealth attack undermines Vista defences (7 August 2006)
http://www.theregister.co.uk/2006/08/07/vista_black_hat_attack/
Symantec highlights Windows Vista user vulnerabilities (2 August 2006)
http://www.theregister.co.uk/2006/08/02/symantec_windows_vista_security/
Developers cry foul over Windows kernel security (28 July 2006)
http://www.theregister.co.uk/2006/07/28/ms_kernel_security_controversy/
Symantec: Vista probably 'less stable' than XP (19 July 2006)
http://www.theregister.co.uk/2006/07/19/vista_security_analysis/
MS releases third beta for IE7 (30 June 2006)
http://www.theregister.co.uk/2006/06/30/ie7_beta3/
Vista bad news for anti-spyware market? (11 May 2006)
http://www.theregister.co.uk/2006/05/11/vista_could_kill_security_firms/
Windows Vista - not so clear after all (9 May 2006)
http://www.theregister.co.uk/2006/05/09/windows_vista_clarity/