Microsoft Kicks Off New Security Update Process for Its Windows Store Apps

Microsoft today started up its new security update process for Windows Store applications, releasing a Mail update for Windows 8 and Windows RT systems.

This Mail app security update, rated as "moderate," is tersely described in a Microsoft security advisory, along with a Knowledge Base support article. The support article indicates that the security patch will resolve "a spoofing issue." Left unpatched, an attacker could send an e-mail message with a malicious URL link that seems to be a link to another Web site. Microsoft recommends updating the Mail app "as soon as possible using the Windows Store Apps update feature."

The update represents the launch of a new process specifically designed for the Microsoft apps that come included with Windows 8 and Windows RT systems. These so-called "built-in apps" currently include Bing, Games, Music, News, People, Photos, SkyDrive, Travel and Video, along with Mail.

Security updates for Microsoft's built-in apps will be released more frequently than the traditional monthly security updates, where patches get pushed down through Windows Update starting on the second Tuesday of each month. This point was explained earlier this month by Mike Reavey, a senior director at the Microsoft Security Response Center. Windows Store app security updates will be released "as they become available," he said. They get installed when the user clicks on the Windows Store tile in Windows 8 or Windows RT and then selects the update.

For apps that work across both the "Desktop" and "Windows Store App" user interface sides of Windows 8 and Windows RT, Microsoft's policy is to revert to the traditional Patch Tuesday process to deliver security updates. The aim of Microsoft's security team will be to issue a patch for both UI sides of the operating system simultaneously.

"When the same vulnerability affects a traditional and an app version of a software application, we will make every effort to release updates to both applications simultaneously through our normal security update release process on the second Tuesday of the month, except when customer risk justifies releasing an out-of-band update," Microsoft's policy statement explains.

Presumably, that sort of security update schedule would apply to applications such as Internet Explorer 10, which runs on both the Desktop and Windows App Store sides of Windows 8.

Alerts about Windows Store security updates can be received via e-mail. Microsoft's sign-up page to get those alerts can be accessed at this page.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • Microsoft Bolsters Windows IoT with NXP and SQL Server Support

    Microsoft's Internet of Things (IoT) product line is continuing to grow, with a few new developments highlighted this week.

  • Tamper Protection Now Available to Microsoft Defender ATP Subscribers

    The Microsoft Defender Advanced Threat Protection (ATP) E5 subscription plan now has an optional "tamper protection" security feature, Microsoft announced on Monday.

  • Exploring OCR, a New Way To Get Data into Excel

    Microsoft recently added a new optical character recognition feature to Excel that lets users import data from a photograph taken from a smartphone. Here's how to use it.

  • Microsoft Authenticator App To Get Real-Time Phishing Protections

    Microsoft is working on adding capabilities to its Microsoft Authenticator app to help defeat security breaches enabled by advanced attack techniques, including phishing and man-in-the-middle methods.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.