Security Advisor

Windows 8 Patching Right on Schedule

Discovered vulnerabilities this early in the software's lifecycle should be neither shocking or unexpected.

How many times have you heard somebody say they are waiting for the first service pack to be released before updating to the current version of Windows?

We all know that while Microsoft does its best to perform as much testing as possible, you won't be able to find all the launch-day bugs until the final product in the hands of the public. That's why it's not surprise that a short three weeks after the launch of Windows 8, Microsoft's newest OS is receiving some security updates for four found flaws (find this month's Microsoft security update info here).

Logic should also tell you that just because the number has changed, that doesn't mean that the old, familiar Windows framework isn't holding up a new interface. So, if there's a new problem found in the Windows Kernel or Shell, you can bet that both your Windows 7 and Windows 8 machines will need an update.

"Much of [Windows 8's] core operating system is reused from version to version (even in new releases) and all software has its share of bugs," said Andrew Storms, nCircle's security director in a blog post. "These factors, plus the security researchers that love to find and report bugs in the latest versions of software, are why there are several bulletins for Windows 8."

Makes sense. I'm pretty sure there's not a lot of recognition and increased Web site traffic for your security firm for finding issues with Windows XP at this point. But to get your name attached to the discovery of a Windows 8 flaw? That's some good advertising for your firm's stash of products and services.

Judgments should not be jumped to based on the number of found vulnerabilities in Windows 8 in the first few months. It's all part of the growing process. However, a huge selling point Microsoft has been pushing in the OS upgrade was the fact that, thanks to a more self-contained and isolated sandbox environment, this is a more secure Windows that we have been used to. Judge the software by the number of real-world security incidents that hit the wild; not by the number of cracks patched before exploitations can be discovered.

Are you one of the early adopters that have theoretically paid Microsoft to stress test Windows 8? Let us know how secure you think the OS is. Or are you someone that typically waits until the first service pack before upgrading? Let us know your reasoning. All comments welcome at

About the Author

Chris Paoli is the site producer for and


  • Microsoft Adding Google G Suite Migration in Exchange Admin Center

    Microsoft's Exchange Admin Center will be getting the ability to move Google G Suite calendar, contacts and e-mail data over to the Office 365 service "in the coming weeks."

  • Qualcomm Back in Datacenter Fray with AI Chip

    The chip maker joins a crowded field of vendors that are designing silicon for processing AI inference workloads in the datacenter.

  • Microsoft To Ship Surface Hub 2S Conference Device in June

    Microsoft on Wednesday announced a June U.S. ship date for one of its Surface Hub 2S conferencing room products, plus a couple of other product milestones.

  • Kaspersky Lab Nabs Another Windows Zero-Day

    Kaspersky Lab this week described more about a zero-day Windows vulnerability (CVE-2019-0859) that its researchers recently discovered, and how PowerShell was used by the exploit.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.