One of the reasons that there is often such a considerable amount of time between a vulnerability being identified and a patch being developed to remedy it is the extensive testing that goes into making sure that the patch works as advertised, and without breaking anything else. Sometimes, despite these efforts and the best of intentions, things slip past.

Apparently, a couple of the patches for Windows 7 (2482017 and 2467023) contained elements from the upcoming Windows 7 SP1 which adversely impact VMware. The good news is that Microsoft and VMware had already been working together in anticipation of the release of Windows 7 SP1, and VMware was already developing an update to address the problem. So, following the issues from February Patch Tuesday, VMware released an update within 24 hours that resolves the problem and gets VMware working properly on Windows 7 once again.

Obviously, users who knowingly use pirated versions of Windows 7 will not apply the optional update, but what about those who think their Windows 7 is legitimate? Well, those who think their Windows 7 is legitimate might still shy away from the update because they don’t see any value–to them rather than Microsoft–in identifying that fact.

That might be true to an extent, however, that super-cheap upgrade to Windows 7 might come with some extra bells and whistles you didn’t plan on. “Media Surveillance, an anti-piracy solutions company based in Germany, recently downloaded more than five hundred pirated copies of Windows 7 (and Windows activation exploits) and found that 32% contained malicious code.”

Part of the apprehension by users is based on not wanting to end up paying twice for Windows 7–once for the counterfeit copy, and again to replace it. A Microsoft spokesperson addressed that issue. “Microsoft does have a program to help customers who are victims of software piracy. Additionally the company will sometimes provide a free or discounted version of Windows to customers who report counterfeit products.

Microsoft encourages customers –enterprise, consumer, or SMB – who feel they have been victimized, to report their experience through piracy@microsoft.com or via Microsoft’s How To Tell Web site, here: http://www.microsoft.com/howtotell/reports/report.aspx“

According to Qualys CTO Wolfgang Kandek, the February Patch Tuesday was on track to do just that.  “Microsoft’s February 2010 was slated to be the biggest release for Microsoft patches in the last two years–14 bulletins addressing 34 vulnerabilities. But the Google/CN Internet Explorer 0-day forced Microsoft to accelerate the testing of the planned IE bulletin and release it early, still in January. That leaves 13 bulletins covering 26 vulnerabilities for the February release, which constitutes one of the bigger patch Tuesdays.”

So, thanks to a stealth attack launched in China against Google and other targets leveraging a zero-day exploit against Internet Explorer, the out-of-band update for IE saved February 2010 from the dubious honor of most security bulletins, and reduced it to a meager record-tying month.

Still, its not perfect. There will be vulnerabilities found, and Microsoft will issue patches for them. Eventually, Microsoft will develop a Service Pack to bundle the accumulated patches, as well as adding features and updating the operating system in general.

There have been a few rumors and rumblings hinting that Service Pack 1 (SP1) for Windows 7 may be in the early stages of development. At this point, its mere existence is a matter of speculation, which makes predicting what it might contain even less reliable. But, if you want to get started early on the debate over what Windows 7 SP1 might have in store, check out What to Expect from Microsoft Windows 7 SP1 from PCWorld.