Feeds

Redmond to skip Patch Tuesday for Windows Store apps

All updates, all the time for touchy-feely tiles

Combat fraud and increase customer satisfaction

Microsoft has announced that it will ship fixes and updates for the Windows Store apps that come bundled with Windows 8 and Windows RT as soon as they are available, rather than issuing them in batches as it does for the rest of Windows.

"We are committed to adapting our policies as the world evolves and with the new Windows Store, we evaluated how to best release security updates for Windows Store apps," Mike Reavey of Microsoft's Trustworthy Computing division wrote in a blog post on Tuesday. "Our goal is to have a quick, transparent and painless security update process."

In the past, Microsoft has held off on releasing new Windows patches and bug fixes until the second Tuesday of each month, resulting in a regular mass-update event that has come to be known as "Patch Tuesday."

The company often rolls patches for other important software into the Patch Tuesday bundle, as well, such as Office updates, fixes for the Flash Player component of Internet Explorer 10, and firmware updates for Surface devices.

Only in unusual cases will Microsoft release a patch outside of its normal update cycle, such as when a security vulnerability is being actively exploited in the wild.

In the case of Windows Store apps, however, Microsoft now says that it will publish new updates as soon as they are ready – including updates for the Windows Store apps that come bundled with Windows 8 and Windows RT, such as Calendar, Mail, Maps, Messaging, People, Weather, and so on.

"The Windows Store introduces a model in which regular updates are a normal part of using software. Apps are updated frequently to add new functionality, fix bugs, and improve security," Redmond's new policy statement states. "The operative expectation: quick and painless updates."

Your humble Reg hack notes that the potential problem with this plan is that it's always possible for the latest patch to introduce new problems that weren't there before. But on that score, Microsoft says not to worry, because the Windows Store programming model is inherently better than what has come before.

"Improved Application Programming Interface (API) and security models help developers avoid introducing new bugs in updates," the new security policy helpfully explains.

Only in the rare case that a security flaw affects both a Windows Store app and another piece of traditional desktop software simultaneously will Microsoft consider delaying the fix for the Windows Store app until Patch Tuesday – and even then, it will release the patch immediately if the vulnerability is serious enough.

Microsoft says it will maintain a security bulletin with a unique Knowledge Base (KB) number for each of its Windows Store apps, and the bulletin will be updated as each new patch is delivered to customers.

Otherwise, it says, this change in its update policy for Windows Store apps will have no effect on how it issues patches for the other components of Windows, which it still plans to ship on Patch Tuesdays, except in the event of emergencies.

"Microsoft is committed to preserving the attributes valued in our traditional update policy while adapting security update releases to meet broader customer expectations around apps available through the Windows Store," the company said in a statement. ®

3 Big data security analytics techniques

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Inside the Hekaton: SQL Server 2014's database engine deconstructed
Nadella's database sqares the circle of cheap memory vs speed
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
IRS boss on XP migration: 'Classic fix the airplane while you're flying it attempt'
Plus: Condoleezza Rice at Dropbox 'maybe she can find ... weapons of mass destruction'
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
New Facebook phone app allows you to stalk your mates
Nearby Friends feature goes live in a few weeks
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.