Microsoft Releasing Security Fixes for Windows 8 Tuesday
Technology Editor, CNBC.com
Microsoft is releasing the first security patches for its Windows 8 operating system and Windows RT Tuesday.
While the company said the security updates are part of its monthly patch cycle, the security fixes were announced just days after a security company reported it had found multiple vulnerabilities in Windows 8 and in Internet Explorer.
On Oct. 30, Vupen, a security company, claimed it found a problem with Windows 8 and with Internet Explorer 10.
Vupen is a unique security company because it finds security vulnerabilities in popular software and then sells its findings to government agencies or companies, but does not share its findings with the actual vendor for free.
"We discovered multiple vulnerabilities mainly caused by memory corruption issues in Windows 8 and Internet Explorer 10 components which could be exploited via a specially crafted web page," said Chaouki Bekrar, Vupen's CEO and head of research, in a statement to CNBC. "Combining and chaining these flaws allowed us to confirm code execution and bypass security features recently introduced in Windows 8."
Microsoft posted on Nov. 9 that it would be issuing the security patches on Tuesday, less than two weeks after Vupen's reports of security flaws.
The security fixes issued for Tuesday will include three "critical" security vulnerabilities for Windows 8 and one "critical" fix for Windows RT, the OS Microsoft's Surface tablet runs on.
Microsoft did not disclose specific information about what vulnerabilities it would be fixing with the security patch, but the company will host a webcast on Wednesday to answer customers' questions and address an concerns, according to the company's website.
"We are committed to improving the security of all our products. When security updates are released, customers who have Automatic Updates enabled will be protected automatically and do not need take an action," said Dave Forstrom, director of Microsoft's security response center, in a statement to CNBC.
Security firm Bitdefender also reported security problems with Windows 8. The company said that even when Microsoft's anti-spyware called Windows Defender was running, the OS was still vulnerable to about 15 percent of the top 100 malware types that were most used by cybercriminals in 2012.
While some security vulnerabilities have been found in Windows 8 OS, its security measures trump all former versions of Windows OS, according to a Nov. 2 Twitter post by Chaouki Bekrar, Vupen's CEO and head of research.
"It took us a very long time and important resources to find and exploit all these vulnerabilities which confirms that Windows 8 is definitely the most secure Windows version ever," Bekrar said. "It will be very difficult for criminals to create zero-day attacks against it in the short term as the cost would be too high for a small return on investment."