Security Advisor

Windows 8 Patching Right on Schedule

Discovered vulnerabilities this early in the software's lifecycle should be neither shocking or unexpected.

How many times have you heard somebody say they are waiting for the first service pack to be released before updating to the current version of Windows?

We all know that while Microsoft does its best to perform as much testing as possible, you won't be able to find all the launch-day bugs until the final product in the hands of the public. That's why it's not surprise that a short three weeks after the launch of Windows 8, Microsoft's newest OS is receiving some security updates for four found flaws (find this month's Microsoft security update info here).

Logic should also tell you that just because the number has changed, that doesn't mean that the old, familiar Windows framework isn't holding up a new interface. So, if there's a new problem found in the Windows Kernel or Shell, you can bet that both your Windows 7 and Windows 8 machines will need an update.

"Much of [Windows 8's] core operating system is reused from version to version (even in new releases) and all software has its share of bugs," said Andrew Storms, nCircle's security director in a blog post. "These factors, plus the security researchers that love to find and report bugs in the latest versions of software, are why there are several bulletins for Windows 8."

Makes sense. I'm pretty sure there's not a lot of recognition and increased Web site traffic for your security firm for finding issues with Windows XP at this point. But to get your name attached to the discovery of a Windows 8 flaw? That's some good advertising for your firm's stash of products and services.

Judgments should not be jumped to based on the number of found vulnerabilities in Windows 8 in the first few months. It's all part of the growing process. However, a huge selling point Microsoft has been pushing in the OS upgrade was the fact that, thanks to a more self-contained and isolated sandbox environment, this is a more secure Windows that we have been used to. Judge the software by the number of real-world security incidents that hit the wild; not by the number of cracks patched before exploitations can be discovered.

Are you one of the early adopters that have theoretically paid Microsoft to stress test Windows 8? Let us know how secure you think the OS is. Or are you someone that typically waits until the first service pack before upgrading? Let us know your reasoning. All comments welcome at cpaoli@1105media.com.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

comments powered by Disqus

Reader Comments:

Thu, Nov 15, 2012

You can't have it both ways; the new OS is more secure but we still have streaming patches. Every new OS is beter, more secure, bla, bla, bla... of course if they fix just one thing, it is more secure than before but that doesn't make it a secure OS. This is supposed to be a released product and not just a Gamma test phase, which it appears to be and is the reason many wait until SP1 as a signal the test phase is over.

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.