Windows 8’s first security patches will be part of a package of fixes released Tuesday during Microsoft’s monthly Patch Tuesday ritual.
Microsoft announced the Windows 8 security fixes in a recent security bulletin.
The bulletin was issued days after a security company in the business of selling zero-day vulnerabilities, Vupen, announced that it had found multiple vulnerabilities in Windows 8 and Internet Explorer 10.
Three “critical” fixes for both the 32-bit and 64-bit versions of Windows 8 will be issued on Microsoft’s Patch Tuesday.
They can be exploited to allow code execution without user interaction. Such execution allows malware to self-propagate, or code to be executed without warnings or prompts to a user.
In addition to the Windows 8 fixes, the Patch Tuesday package will include critical updates for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012 and Windows RT.
Microsoft will also be issuing a number of “important” updates for its Office productivity suite for both Windows and Mac platforms.
After Vupen revealed that it had found vulnerabilities in Windows 8, Microsoft declined to comment on the discovery.
Technologies that Vupen claims to have bypassed include HiASLR (high-entropy Address Space Layout Randomization), AntiROP (anti-Return-Oriented Programming), DEP (Data Execution Prevention) and the IE 10 Protected Mode sandbox.
Although Microsoft has made great strides in securing Windows 8 and IE 10, vulnerabilities were bound to be found, according to Bitdefender senior product manager Alex Balan.
“As with any software, things are found to be vulnerable at one point or another,” he said in an interview. “It’s not that Microsoft is a great company and doesn’t develop great software.”
“They’ve made huge leaps forward in terms of security,” he added. “But holes are always going to be found that will allow someone to lower the security barriers. One way or the other, vulnerabilities will be exposed, and they will be exploited.”
John Mello writes on technology and cyber security for a number of online publications and is former managing editor of the Boston Business Journal and Boston Phoenix. Disclosure: He also writes for Hewlett-Packard's marketing website TechBeacon.