Microsoft to patch unhackable Windows 7 bug later today
Continues 'defense-in-depth' practice by patching flaw in Vista, Windows 7, Server 2008
By Gregg Keizer
April 13, 2010 06:53 AM ET
Computerworld - Later today,
Microsoft will play it safe by patching a
Windows 7 bug that it says can't be exploited.
Of the 11
security bulletins that will be released in a few hours, Bulletin 7 will address one or more
vulnerabilities in Windows 2000, Windows XP and Windows Server 2003.
But Microsoft will also offer the same update to users running Windows Vista, Windows 7 and Windows Server 2008, even though the company
maintained last week that they were impervious to attack.
"Windows 7 users will be offered Bulletin 7 as a defense-in-depth update even though the [advanced notification] states that the issue does not affect Windows 7," said Jerry Bryant, a group manager with the Microsoft Security Response Center, in one of several e-mails replying to questions. "This means that the vulnerable code is in the software, but due to the improved protections built into Windows 7, there are no known vectors to reach it."
In other words, the vulnerability is there -- in Vista, Windows 7 and Server 2008 -- but Microsoft doesn't know how it could be exploited.
Better safe than sorry, security experts said.