On the bright side for Microsoft, three of the five critical vulnerabilities assigned to Windows 7 are in Internet Explorer 8 (IE8), the browser that ships with the new OS. The remaining two are in older editions of the .NET Framework and Silverlight, the .NET-based cross-browser, cross-platform media standard Microsoft's pushing.
Windows 7 was also unaffected by the eight vulnerabilities in GDI+ (Graphics Device Interface), which was put at the top of the to-patch list by most experts. Windows XP users had to apply six of the eight GDI+ fixes, while Vista users had to deploy just one.
But that doesn't mean researchers and hackers won't uncover flaws in Windows 7, perhaps an increasing number as time goes on. "Unless Microsoft can make a brand-new operating system, bad things will continue to happen," said Miller of Shavlik.
Users already running Windows 7 can update now, but users who upgrade to Windows 7 starting this week will need to run Windows Update to obtain the patches after they've installed the new operating system.