Microsoft warns of first critical Windows 8, RT security flaws

Plug everything in and prepare the systems: Patch Tuesday is coming. Microsoft will release six security patches, four of them considered 'critical' for Windows 8, and Surface-ready Windows RT operating systems.
Written by Zack Whittaker, Contributor

It's been less than a month since Windows 8 and Windows RT-powered Surface tablets were launched and went on sale, but Microsoft is already warning that the two next-generation operating systems contain critical security vulnerabilities that are due to be patched this coming Tuesday.

Among the various flaws, versions from Windows XP (Service Pack 3) all the way through to Windows 8 are affected, including versions of the Office suite, and versions of Windows Server. Released only in September, Windows Server 2012 requires patching to maintain maximum security.

The latest vulnerabilities include three critical security vulnerabilities for Windows 8, and one critical security vulnerability for the Surface-based Windows RT operating system. These flaws are considered "critical" and could allow remote code execution on vulnerable systems. 

Screen Shot 2012-11-09 at 13.54.55
Credit: Microsoft. Screenshot: ZDNet

Among the flaws, a few patches will be delivered for Internet Explorer that will fix a flaw that allows drive-by attacks on vulnerable systems, such as if the user visits a malicious Web page through the browser. Older versions of Internet Explorer, versions IE6, IE7 and IE8, which run on Windows XP, will not be patched. 

The latest version of Internet Explorer 10, exclusive to Windows 8 and Windows RT machines, contains no vulnerabilities that Microsoft is yet aware of.

For Office, where a machine could allow remote code execution if a user opens a malicious Office document. Rated as "important," it requires user intervention -- in this case, the code can only run if the user opens up the document.

In all, the six patches will fix 19 vulnerabilities, and will be released through the usual channels in the coming days -- on so-called "Patch Tuesday."

Editorial standards