Vista Service Pack 1: 573 Fixes in Limbo

Jack Writes: Service Pack 1 for Windows Vista is (almost) ready for prime time. SP1 contains a whopping 573 bug fixes and patches that have accumulated since Vista first shipped in early 2007, plus some performance improvements. I advise you to get it--but only after the wrinkles are ironed out.

Microsoft says a few programs, including The New York Times Reader and Zone Alarm 7.1 security suite, can't start or work properly with Vista SP1. Most affected companies now have updates to fix the problem.

However, an update you have to install before installing SP1 has a glitch in it that causes some PCs to restart endlessly. Microsoft says the problem affects only "a small number" of the more than 100 million Vista users. At press time, the the update had been suspended.

The faulty update, numbered 937287, was part of Microsoft's mid-February Patch Tuesday downloads. If you have automatic updating turned on and your Vista PC is behaving normally, the update likely installed just fine on your machine.

If it didn't, you'd know by now. Microsoft offers help at 866/727-2338 to users whose PCs react badly; a fix at Windows Update should be available by the time you read this.
As part of its February patch extravaganza, Microsoft also released six security-related patches to fix critical bugs in Windows, Internet Explorer, and Office. Three of the problems affect Windows Vista, either directly or through holes in IE.

If you have Adobe Acrobat or Reader on your PC (and who doesn't?), you need to patch a half-dozen "critical" holes recently discovered in both products. Opening a rigged PDF (Portable Document Format) file is the only prerequisite for being attacked. Adobe warns that versions 8.1.1 and earlier of both Acrobat and Reader are at risk for the problem. Security firm Secunia rates the flaws as "highly critical," which is its second highest severity ranking. No attacks have occurred yet, but gremlins have already posted proof-of-concept exploits on the Web. Get the 8.1.2 The 8.1.2 updates are now available.

Skype has patched a hole in its Windows client software. The exploit uses an IE feature to display HTML pages, but sets the browser's security at the lowest level, leaving you vulnerable. Click a booby-trapped video file and the evildoers could hijack your PC. A working exploit exists; the fix is available from Skype.

Yahoo has updated its Yahoo Music Jukebox software to patch multiple security holes in the free player. Yahoo Music Jukebox versions prior to 2.2.2.058 need the fix. A successful attack could let bad guys take over your PC, Yahoo says. Proof-of-concept exploit code has appeared online.