Microsoft Kicks Off New Security Update Process for Its Windows Store Apps

Microsoft today started up its new security update process for Windows Store applications, releasing a Mail update for Windows 8 and Windows RT systems.

This Mail app security update, rated as "moderate," is tersely described in a Microsoft security advisory, along with a Knowledge Base support article. The support article indicates that the security patch will resolve "a spoofing issue." Left unpatched, an attacker could send an e-mail message with a malicious URL link that seems to be a link to another Web site. Microsoft recommends updating the Mail app "as soon as possible using the Windows Store Apps update feature."

The update represents the launch of a new process specifically designed for the Microsoft apps that come included with Windows 8 and Windows RT systems. These so-called "built-in apps" currently include Bing, Games, Music, News, People, Photos, SkyDrive, Travel and Video, along with Mail.

Security updates for Microsoft's built-in apps will be released more frequently than the traditional monthly security updates, where patches get pushed down through Windows Update starting on the second Tuesday of each month. This point was explained earlier this month by Mike Reavey, a senior director at the Microsoft Security Response Center. Windows Store app security updates will be released "as they become available," he said. They get installed when the user clicks on the Windows Store tile in Windows 8 or Windows RT and then selects the update.

For apps that work across both the "Desktop" and "Windows Store App" user interface sides of Windows 8 and Windows RT, Microsoft's policy is to revert to the traditional Patch Tuesday process to deliver security updates. The aim of Microsoft's security team will be to issue a patch for both UI sides of the operating system simultaneously.

"When the same vulnerability affects a traditional and an app version of a software application, we will make every effort to release updates to both applications simultaneously through our normal security update release process on the second Tuesday of the month, except when customer risk justifies releasing an out-of-band update," Microsoft's policy statement explains.

Presumably, that sort of security update schedule would apply to applications such as Internet Explorer 10, which runs on both the Desktop and Windows App Store sides of Windows 8.

Alerts about Windows Store security updates can be received via e-mail. Microsoft's sign-up page to get those alerts can be accessed at this page.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • Surface and ARM: Why Microsoft Shouldn't Follow Apple's Lead and Dump Intel

    Microsoft's current Surface flagship, the Surface Pro X, already runs on ARM. But as the ill-fated Surface RT showed, going all-in on ARM never did Microsoft many favors.

  • IT Security Isn't Supposed To Be Easy

    Joey explains why it's worth it to endure a little inconvenience for the long-term benefits of a password manager and multifactor authentication.

  • Microsoft Makes It Easier To Self-Provision PCs via Windows Autopilot When VPNs Are Used

    Microsoft announced this week that the Windows Autopilot service used with Microsoft Intune now supports enrolling devices, even in cases where virtual private networks (VPNs) might get in the way.

  • Most Microsoft Retail Locations To Shut Down

    Microsoft is pivoting its retail operations to focus more on online sales, a plan that would mean the closing of most physical Microsoft Store locations.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.