Microsoft has issued its first security release for its new Windows 7 operating system, patching three flaws.
The MS09-006 update, which was issued on Tuesday, fixes the three Windows 7 problems.
"These vulnerabilities were reported after the release of Windows Server 2008 Service Pack 2 Beta, Windows Vista Service Pack 2 Beta, and Windows 7 Beta," Microsoft said in the accompanying bulletin. "Customers running these platforms are encouraged to download and apply the update to their systems."
All supported versions of Windows, ranging from Windows 2000 and XP to Vista and Server 2008, require patching. "It's in all versions of Windows; it's deep in the kernel and in GDI," Wolfgang Kandek, chief technology officer at security company Qualys said.
Attackers could use malformed WMF (Windows Metafile) or EMF (Enhanced Metafile) images to exploit the bug in Windows 7, just as they could in other editions. Microsoft said the malicious images could be fed to users via email, placed on websites or added to other documents. Simply viewing the images would trigger the vulnerability.
Machines running the public preview of Windows 7, which Microsoft offered for a month, from January 10 to February 12, are also affected and users are being encouraged to download the MS09-006 security update.
This is not the first time that Microsoft has patched Windows 7. Just days after it delivered the beta, it fixed a flaw that shaved several seconds of audio from MP3 files.
At the time, a Microsoft spokesman said that the only Windows 7 bugs the company would patch using Windows Update were those tagged 'critical'.
"This tells us that Windows 7 is not only a cousin of Vista, but also a cousin of Windows 2000," said Kandek Wednesday, referring to the fact that even the ancient Windows 2000 contains the kernel vulnerabilities. "Certain things in the kernel have obviously not changed in Windows 7."
See also: Windows 7 to ditch Internet Explorer?