Microsoft warns of first critical Windows 8, RT security flaws

Microsoft warns of first critical Windows 8, RT security flaws

Summary: Plug everything in and prepare the systems: Patch Tuesday is coming. Microsoft will release six security patches, four of them considered 'critical' for Windows 8, and Surface-ready Windows RT operating systems.


It's been less than a month since Windows 8 and Windows RT-powered Surface tablets were launched and went on sale, but Microsoft is already warning that the two next-generation operating systems contain critical security vulnerabilities that are due to be patched this coming Tuesday.

Among the various flaws, versions from Windows XP (Service Pack 3) all the way through to Windows 8 are affected, including versions of the Office suite, and versions of Windows Server. Released only in September, Windows Server 2012 requires patching to maintain maximum security.

The latest vulnerabilities include three critical security vulnerabilities for Windows 8, and one critical security vulnerability for the Surface-based Windows RT operating system. These flaws are considered "critical" and could allow remote code execution on vulnerable systems. 

Screen Shot 2012-11-09 at 13.54.55
Credit: Microsoft. Screenshot: ZDNet

Among the flaws, a few patches will be delivered for Internet Explorer that will fix a flaw that allows drive-by attacks on vulnerable systems, such as if the user visits a malicious Web page through the browser. Older versions of Internet Explorer, versions IE6, IE7 and IE8, which run on Windows XP, will not be patched. 

The latest version of Internet Explorer 10, exclusive to Windows 8 and Windows RT machines, contains no vulnerabilities that Microsoft is yet aware of.

For Office, where a machine could allow remote code execution if a user opens a malicious Office document. Rated as "important," it requires user intervention -- in this case, the code can only run if the user opens up the document.

In all, the six patches will fix 19 vulnerabilities, and will be released through the usual channels in the coming days -- on so-called "Patch Tuesday."

Topics: Security, IT Priorities, Tablets, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • ...and here we go!

    What a piece of junk. I'd rather go with Android or iOS. As for PC i'd stay with my Windows 7.
    • Re:

      And here we go! The first moron who thinks Android/iOS is invulnerable!
      • Moronic

        I havent had a single security issue with my android cellphone/tablet since the day they were launched.. does that make a moron too?
        • Re:

          So you speak for EVERY android user? How delightful! There are people with unpatched Windows XP's with zero security issues, but it's still stupid to not patch your system.
          • Big difference

            There is a big difference between a security flaw in operating system or security flaw caused by an third party security flaw is in operating system itself
          • Update

            That's what MS updates for. They'll do it frequently for their customers. Android, iOS also have flaws in OS itself, don't be ignorant as MS fixes everything in very short time.
          • My god..

            My god.. this product has been out for all of a month.. and it already has 19 vulnerabilities.. that is absolutely disgusting and just another reason why I'll stick with my IOS devices.. Surface/MS Windows 8 all dead .. I haven't had one single person in all the companies I work with ask when they should upgrade to Windows 8 or if they should buy a surface.. it's garbage and MS made a major mistake trying to combine hardware technologies and software.. ie Zune. :)
          • Going through dumpsters is

            not working with companies. But nice try though.
          • iOS security updates

            So you prefer the Apple way, keep the users exposed with 190+ vulnerabilities until the next major release.


            BTW, did Apple fixed those security issues for devices that cannot run iOS 6, like the first generation iPad?
          • still no response to this

            Apple hipsters crack me up. They come on Windows threads to thrash Microsoft, then ignore a valid point point brought up with a link provided for proof that iOS has it's own issues.

            Do Windows users go on Apple threads to do the same thing? You guys are tools.
          • All the frickin' time

            The paid windows bloggers (Toddy comes to mind) attack Apple every chance they get. Toddy is one of the best at twisting the truth so we're not going to let him off the hook; especially on RT.

            But think about it, 19 vulnerabilities identified in one month after TWO YEARS of development! Demand better. There are tools in every shed...
          • There are billions of vulnerebilities in every software

            Just cause Microsoft is detecting, announcing and patching at a fast rate doesn't mean Crapple (who hides every vulnerability behind the curtain pretending like nothing is wrong) or Google (who only patches ~10% of Android devices officially running the latest OS) are any better.

            I'd much rather be informed of issues when they're detected and get a patch for it within a month than remain vulnerable for a year (in the case of Crapple) or officially vulnerable forever (in the case of Google, unless I make another hundreds dollor worth of payment to get the latest device)
          • And where does it say...

            ... Windows 8 has 19 vulnerabilities?
            Roger Spencelayh
          • You don't work for anyone

            Youre just making this up.. There are large government organizations and multinational upgrading to 8... Dummy
          • Civility

            If you can't refrain from calling people names, don't post
          • OS Security "Flaws"

            I am always amazed at the ignorance of the common user who's not in the IT field, but insinuates that he/she is some sort of expert. I've been in the industry since DOS 3.3, and I can tell you many stories of security flaws in 'every' piece of software. Software, be it an OS or otherwise, is only as secure as it needs to be, until someone finds a way to create holes in the software. It's like weaponery: a bullet-proof vest is only effective until someone creates a 'better' bullet. Then the vest needs to be 'patched/upgraded'. MS always has its hands full because its OS is the most ubiquitous. Why develop code, good or bad, for the smaller percentage OS. It's only good business sense to target the largest 'audience'. Don't slam the OS or its developers; slam the idiots who are always trying to break it.
          • well said

            Well said..
            it only comes to who fixes it fast..
          • as long as you only use apps from windows store your as safe as your are in

            as long as you only use apps from windows store your as safe as your are in IOS. and you need compare with MACs nit IOS devices.
            Compare android with WP8 and IOS, that makes more sense.
          • Microsoft fixes everything in very short time

            The new era in tablet computing: patch your tablet each patch Thursday.

            But then, it's an Tamagotchi reincarnated, so you need to take care of the poor thing, or it dies.
          • Apple way

            "The new era in tablet computing: patch your tablet each patch Thursday"

            So you prefer the Apple way, don't fix security issues and keep users exposed until the next major release, like they did with iOS 6. BTW, did Apple make available the security fixes in iOS 6 to users that cannot upgrade, like the first gen iPad? Maybe the Tamagotchi way of MS is better, don't you think?