The updated version of Virtual PC 2007 has finally been released, and is free. If you’re planning on running Windows Vista in a VM or if you’ve got a computer with Virtualization Extensions in the processor and you plan on virtualizing anything go get this new version.

Some key features of Virtual PC 2007 include:

• Support for x64 Windows as a host operating system
• Support for hardware virtualization support
• Support for Windows Vista as a guest and host operating system
• Support for PXE network booting of virtual machines
• Support for the use of fullscreen virtual machines on multi-monitor systems (VM still stays on just one monitor though)

Download it, from the newly updated Virtual PC website: http://www.microsoft.com/windows/products/winfamily/virtualpc/default.mspx.

Microsoft’s first update of its Windows operating system in five years contains some major changes from the previous version, Windows XP.

SECURITY

• XP: Contains a built-in firewall and the ability to automatically download security software fixes.
• Vista: Microsoft’s most secure software ever has a built-in firewall, anti-“phishing” software and other features. New login requirements limits “administrator” privileges to keep important programs closed off the general Internet and hackers. Built-in coding gives computers another layer of individuality, making it harder for viruses and other Internet maladies to migrate from machine to machine. Vista’s core software “kernel” is designed so outsiders can’t access it.

HOME ENTERTAINMENT

• XP: Users had to buy an upgraded “Media Center” version to get the ability to watch and save television programming, edit home movies and share photos.
• Vista: Media Center comes built in with all but the basic & business versions.

USER INTERFACE

• XP: Relied on attributes of previous Windows versions that limited how users can store and access files to static displays.
• Vista: “Aero” technology lets users sort and view files through transparent panes. Static beige “folders” are replaced by 3-D icons. New “Start” menu and integrated search functions use keywords to locate applications, music, photos, e-mail and other data. “Sidebar” function lets users keep frequently used applications on the desktop for easy access.

PARENTAL CONTROLS

• XP: Parents had limited controls over where their kids could go on the Internet.
• Vista: Parents can limit which Web sites their kids can visit, what games they play and what times of day they can use the computer. They can track every e-mail and instant message their children send and every Web site they visit or try to visit.

VIDEO AND GRAPHICS

• XP: Relied largely on an add-on graphics card, which reduces the quality of photo, graphics and video.
• Vista: Better use of integrated graphics makes photos, videos and graphics sharper and games seem more realistic, especially on wide-screen monitors.

NETWORKING

• XP: Setting up home networks and finding wireless networks can be complicated.
• Vista: New features make setting up networks much easier.

Proof-of-concept exploit code for a privilege escalation vulnerability affecting all versions of Windows including Vista has been posted on a Russian hacker forum, forcing Microsoft to activate its emergency response process.

Mike Reavey, operations manager of the Microsoft Security Response Center, confirmed that the company is “closely monitoring” the public posting, which first appeared on a Russian language forum on Dec. 15. It affects “csrss.exe,” which is the main executable for the Microsoft Client/Server Runtime Server.

According to an alert cross-posted to security mailing lists, the vulnerability is caused by a memory corruption when certain strings are sent through the MessageBox API.

“The PoC reportedly allows for local elevation of privilege on Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista operating systems,” Reavey said in an entry posted late Dec. 21 on the MSRC blog.

“While I know this is a vulnerability that impacts Windows Vista I still have every confidence that Windows Vista is our most secure platform to date,” he added.

“Initial indications are that in order for the attack to be successful, the attacker must already have authenticated access to the target system. Of course these are preliminary findings and we have activated our emergency response process involving a multitude of folks who are investigating the issue in depth to determine the full scope and potential impact to Microsoft’s customers,” Reavey added.

The MSRC is expected to issue a formal security advisory with pre-patch workarounds. In the interim, the company is urging customers to enable a firewall, apply all security updates and install anti-virus and anti-spyware protection.

To date, there are no reports of actual attacks against Windows users.

The Microsoft confirmation comes hard on the heels of a claim by anti-virus vendor Trend Micro that underground hackers are selling zero-day exploits for Windows Vista at $50,000 a pop.

The Vista exploit which has not been independently verified was just one of many zero-days available for sale at an auction-style marketplace infiltrated by the Tokyo-based Trend Micro.

In a recent interview with eWEEK, Trend Micro’s chief technology officer, Raimund Genes, said prices for exploits for unpatched code execution flaws are in the $20,000 to $30,000 range, depending on the popularity of the software and the reliability of the attack code.