Well, that didn’t take long. Windows 8 was released at the end of October, and the November version of Microsoft’s Patch Tuesday included updates for Windows 8 and Windows RT, which is the version of the OS that runs on the Surface tablet. Also, Windows Server 2012, released in September, also has an update. The flaw being patched is a vulnerability that could allow a user to be compromised by visiting a malicious webpage using TrueType font files.
I admit I was a little surprised to see that Windows 8 was included in this Patch Tuesday — though I expected something to be a little buggy since nothing is perfect in these releases — because of the buzz about the OS’s excellent security. Does it bode well that a critical flaw was found in less than two weeks out on the open market? On the upside, Windows 8 is still being hailed as the most secure version of Windows to be released, and that’s progress.
Yet, according to CNBC, there may also be other security problems with Windows 8:
Security firm Bitdefender also reported security problems with Windows 8. The company said that even when Microsoft’s anti-spyware called Windows Defender was running, the OS was still vulnerable to about 15 percent of the top 100 malware types that were most used by cybercriminals in 2012.
It is days like this when I am reminded of something said to me a few years ago. The only truly secure computer is one that is unconnected from the Internet, turned off and locked in a closet. Some days, that seems to be true.
While the Windows 8 flaws have gotten most of the attention, Andrew Storms, director of security operations at nCircle Security, told ComputerWorld that the most critical flaw that needs to be addressed is in IE9:
“The IE9 [bulletin] is the one that should be patched first,” said Storms. “It’s a drive-by,” he added, referring to the tactic that only requires hackers to trick users into browsing to a malicious website. Doing that with an unpatched copy of IE9 could result in a successful hijacking of a Windows 7 or Vista PC. IE9 only runs on those two operating systems.
There is a bit of positive news on the Patch Tuesday front, however. Microsoft products are actually becoming more secure. That might be hard to believe when the past few months have had a number of critical and high-profile patches, but according to PC Magazine:
Microsoft has released 76 patches so far for 2012, well below the number of patches released in 2011 and 2010, which is a “win” for IT administrators, said Wolfgang Kandek, CTO of Qualys.