- Oct 23, 2012
- 12,527
Microsoft will push out the first major security patches for its new Windows 8 and Windows RT operating systems on Nov. 13, the software giant announced in an advance notification posting published this week.
The first "Patch Tuesday" to include fixes for Windows 8 and RT vulnerabilities will also address security issues in several flavors of Windows XP, Vista, and 7, as well as various editions of Windows Server, Internet Explorer, Office, and the Microsoft .NET Framework.
The security bulletin points to three "critical" vulnerabilities in Windows 8, affecting both the 32-bit and 64-bit versions of the OS, and one "critical" and one "important" issue in Windows RT.
Microsoft's "critical" security rating is issued for "[a] vulnerability whose exploitation could allow code execution without user interaction. These scenarios include self-propagating malware (e.g. network worms), or unavoidable common use scenarios where code execution occurs without warnings or prompts. This could mean browsing to a Web page or opening email."
An "important" tag is issued for "[a] vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources. These scenarios include common use scenarios where client is compromised with warnings or prompts regardless of the prompt's provenance, quality, or usability. Sequences of user actions that do not generate prompts or warnings are also covered."
Microsoft didn't offer specifics about the Windows 8 and Windows RT security holes it has identified—par for the course in advance of its roll out of patches for those vulnerabilities. The company as a rule makes those details available after Patch Tuesday fixes are released.
Having automatic security updates from Microsoft enabled on your Windows machine means those patches will be pushed out to you, otherwise you can download the fixes from Microsoft's Download Center when they're made available.
source
