Windows 8 apps on Windows Store left off Patch Tuesday

Microsoft is adding a faster Windows Store update branch to its monthly Patch Tuesday cycle.
Written by Liam Tung, Contributing Writer

Windows Store Windows 8 apps will get security patches on a different rhythm to Microsoft's traditional monthly Patch Tuesday for desktop software — unless the same flaw affects both versions of the software.

Windows 8 apps installed from the Windows Store will get security updates "as they become available", Mike Reavey, senior director at Microsoft Trustworthy Computing, said on Wednesday, announcing a change to the company's security update policy.

The policy diverges from Microsoft's long tradition of releasing security updates on the second Tuesday of every month. So many enterprises have update procedures geared around the date that Adobe began syncing Reader updates with it in 2009 and last year added Flash to the cycle.  

Microsoft assured customers it won't be ditching the Patch Tuesday cycle altogether, but said the new policy means that the Windows Store updates that fall outside that cycle are not considered out-of-band updates, which are usually reserved for extreme cases like a zero-day exploit in the wild.

"Microsoft is committed to preserving the attributes valued in our traditional update policy while adapting security update releases to meet broader customer expectations around apps available through the Windows Store," the company said in the policy statement.

As Reavey explains: "Providing security updates to these apps more frequently will allow us to add new functionality, fix issues and improve security. This will also help developers to avoid introducing new issues during the update process."

The new update scheme will also apply to pre-installed Windows 8 apps like Mail and, like Microsoft's traditional updates, will include a security advisory.

The one instance in which Windows 8 apps from the Windows Store won't be updated on the fly is when the same vulnerability affects both traditional software and its corresponding app.

"When the same vulnerability affects a traditional and an app version of a software application, we will make every effort to release updates to both applications simultaneously through our normal security update release process on the second Tuesday of the month, except when customer risk justifies releasing an out-of-band update," Microsoft said.
