First Windows 8 and Windows RT Security Updates Due Next Week

Plenty is happening on the Microsoft patch management front. First, Adobe agreed to sync up its patch release cycles with Microsoft’s on the second Tuesday of every month, moving away from quarterly releases. And now on Tuesday, Microsoft will release its first security updates since the release of Windows 8.

Plenty is happening on the Microsoft patch management front. First, Adobe agreed to sync up its patch release cycles with Microsoft’s on the second Tuesday of every month, moving away from quarterly releases. And now on Tuesday, Microsoft will release its first security updates since the release of Windows 8.

Tuesday’s updates include patches for Windows 8 and Windows RT, the operating system used on the new Surface tablets, that the company said will fix critical remote execution vulnerabilities.

IT managers can expect six bulletins addressing 19 vulnerabilities on Tuesday, four rated critical by Microsoft, including one addressing remote execution bugs in Internet Explorer 9. Two bulletins rated important by Microsoft will also be issued, one for Microsoft Office and another in Windows.

Windows 8 was released Oct. 26, and by Halloween researchers at VUPEN had found the first zero-day vulnerability and written an exploit for the new OS as well as Internet Explorer 10. No details were publicly disclosed and CEO Chaouki Bekrar said the technical details and protective recommendations would be shared only with VUPEN customers.

The exploit, Bekrar said, is a sandbox bypass for IE 10 and beats security mitigations in Windows 8, including anti-return oriented programming protection, and ASLR and DEP, which help protect against memory corruption flaws such as buffer overflows.

Adobe, meanwhile, pushed through out-of-band patches for seven Flash Player vulnerabilities that repaired bugs leading to system crashes or remote code execution. Adobe said there are no exploits in the wild for any of the vulnerabilities.

And today, Adobe is dealing with an Adobe Reader zero-day sandbox bypass discovered in an underground market selling for upwards of $50,000, according to a Russian security company, Group-IB.

Suggested articles

EMET, AV Disclosure Leak Plugged in IE

Microsoft patched a disclosure leak in Internet Explorer that revealed whether EMET or other antimalware protections were running on a compromised computer.

Discussion

  • David Ferebee on

    Unless Microsoft gets it so Flash can run on Windows RT my Surface tablet is going back to Microsoft before my 30 day period is up at the end of the month!

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.