Microsoft Kicks Off New Security Update Process for Its Windows Store Apps

Microsoft today started up its new security update process for Windows Store applications, releasing a Mail update for Windows 8 and Windows RT systems.

This Mail app security update, rated as "moderate," is tersely described in a Microsoft security advisory, along with a Knowledge Base support article. The support article indicates that the security patch will resolve "a spoofing issue." Left unpatched, an attacker could send an e-mail message with a malicious URL link that seems to be a link to another Web site. Microsoft recommends updating the Mail app "as soon as possible using the Windows Store Apps update feature."

The update represents the launch of a new process specifically designed for the Microsoft apps that come included with Windows 8 and Windows RT systems. These so-called "built-in apps" currently include Bing, Games, Music, News, People, Photos, SkyDrive, Travel and Video, along with Mail.

Security updates for Microsoft's built-in apps will be released more frequently than the traditional monthly security updates, where patches get pushed down through Windows Update starting on the second Tuesday of each month. This point was explained earlier this month by Mike Reavey, a senior director at the Microsoft Security Response Center. Windows Store app security updates will be released "as they become available," he said. They get installed when the user clicks on the Windows Store tile in Windows 8 or Windows RT and then selects the update.

For apps that work across both the "Desktop" and "Windows Store App" user interface sides of Windows 8 and Windows RT, Microsoft's policy is to revert to the traditional Patch Tuesday process to deliver security updates. The aim of Microsoft's security team will be to issue a patch for both UI sides of the operating system simultaneously.

"When the same vulnerability affects a traditional and an app version of a software application, we will make every effort to release updates to both applications simultaneously through our normal security update release process on the second Tuesday of the month, except when customer risk justifies releasing an out-of-band update," Microsoft's policy statement explains.

Presumably, that sort of security update schedule would apply to applications such as Internet Explorer 10, which runs on both the Desktop and Windows App Store sides of Windows 8.

Alerts about Windows Store security updates can be received via e-mail. Microsoft's sign-up page to get those alerts can be accessed at this page.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • Basic Authentication Extended to 2H 2021 for Exchange Online Users

    Microsoft is now planning to disable Basic Authentication use with its Exchange Online service sometime in the "second half of 2021," according to a Friday announcement.

  • Microsoft Offers Endpoint Configuration Manager Advice for Keeping Remote Clients Patched

    Microsoft this week offered advice for organizations using Microsoft Endpoint Configuration Manager with remote Windows systems that need to get patched, and it also announced Update 2002.

  • Azure Edge Zones Hit Preview

    Azure Edge Zones, a new edge computing technology from Microsoft designed to enable new scenarios for developers and partners, emerged as a preview release this week.

  • Microsoft Shifts 2020 Events To Be Online Only

    Microsoft is shifting its big events this year to be online only, including Ignite 2020.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.