Microsoft’s recently launched Windows 8 operating system is set to receive its first critical security update next week. According to the company’s advance notification posting, the November edition of Patch Tuesday will include critical fixes for vulnerabilities in Windows, Internet Explorer, and the .NET framework. The exact nature of each flaw was kept under wraps as usual but Microsoft said that all could allow remote code execution on vulnerable systems.
Three of the critical vulnerabilities affect Windows 8 and pretty much every other version of the operating system down to XP, while the remaining one affects Windows RT. The latest version of Internet Explorer 10, which is exclusive to Windows 8 and Windows RT machines, was not among the affected versions of Microsoft’s browser.
In addition to the critical flaws, there are two additional bulletins addressing flaws in Office and Windows, one rated as important and the other as moderate. The first involves a potential remote execution vulnerability in Microsoft’s productivity suite while the latter is related to an information disclosure bug.
Microsoft will release more details and host a Webcast about the updates after they've rolled out on Tuesday. As usual, those that have automatic updates enabled should received them as soon as they are out, otherwise the updates should be available from Microsoft’s Download Center or through Windows Update.
In somewhat related news, security researchers at BitDefender recently took 385 of the most popular malware samples it found in the past six months and threw them at Windows 8 to see how it fares in its default state, with the built-in Windows Defender feature enabled. According to their findings, the operating system "is prone to infection by some 15% of the 100 malware families most used by cyber criminals this year."
That may sound (intentionally) alarming but that’s actually a big improvement over a clean install of Windows 7. Naturally, BitDefender believes that a third-party security solution is still needed.