Next Tuesday, November 13, will be the first Patch Tuesday since the official Windows 8 release occurred on October 26. Thus, it’s entirely fitting that Windows 8 will receive its first-ever “Critical” updates on that day. I puzzled over an article from Lance Whitney at CNET a few minutes ago because it was entitled “Windows 8, RT to get first critical security patches next Tuesday,” until it finally dawned on me that he wasn’t saying “first security patches” in general, but rather “first security patches with a Critical designation.” Because MS explains this as a “vulnerability whose exploitation could allow code execution without user interaction,” this is pretty serious stuff indeed.
Here’s a preview of coming attractions from the MS Security Bulletin for November 2012 (advance edition):
Of the three items that apply to Windows 8 with critical designations (Bulletins 2, 4, and 5) all are labeled with remote code execution, and at least two of them will require a restart (1 and 5) and 4 may also require a restart as well. It should be interesting to see exactly what these bulletins cover, and how well Windows 8 slips into the regular Patch Tuesday cycle going forward. So far, we’ve seen two Windows Updates for the Flash Player, an important GA cumulative update (KB2756872), protected content playback (KB2768703), and logo images in All Apps view (KB2751352). But other than the usual Flash folderol there’s been nothing designed to fend off potential system takeovers. Maybe next Tuesday will change things?