Vista already on the Redmond patch treadmill

While Microsoft has touted Windows Vista as its most secure client operating system yet, the unfinished product is already getting regular security fixes.

Vista, slated to be broadly available in January, is the first major Microsoft product to get security updates while it is still in beta, Microsoft employee Alex Heaton wrote on a corporate blog on Tuesday.

Heaton, who works on Vista security, wrote: "We are committed to release Windows Vista updates for all MSRC (Microsoft Security Response Center) critical class issues that may arise during the beta-testing period." The goal is to release the fixes as soon as possible, he said - but versions of Windows that have been commercially released, such as Windows XP, get priority.

Two of the seven "critical" Windows updates that Microsoft delivered on 8 August affect Vista, Heaton wrote. These are MS06-042, for Internet Explorer, and MS06-051, which addresses a flaw in the Windows kernel.

Vista is not affected by the Windows flaw that is getting most of the attention among the Patch Tuesday bulletins. That flaw, MS06-040, affects file and printer sharing and has already been exploited in low-risk worm attacks.

Updates for the security issues that affect Vista have been sent out to Windows Update and are available in the Microsoft Download Center, according to the software maker.

These are not the first security fixes for Vista. In January, Microsoft released a security update to address the same image-rendering vulnerability found in earlier versions of the operating system. The patch fixed a flaw in the way the operating system's Graphics Rendering Engine processes Windows Meta File images. The WMF handling bug was being exploited in cyber attacks.

Joris Evers writes for CNET News.com