Feeds

Redmond to skip Patch Tuesday for Windows Store apps

All updates, all the time for touchy-feely tiles

Beginner's guide to SSL certificates

Microsoft has announced that it will ship fixes and updates for the Windows Store apps that come bundled with Windows 8 and Windows RT as soon as they are available, rather than issuing them in batches as it does for the rest of Windows.

"We are committed to adapting our policies as the world evolves and with the new Windows Store, we evaluated how to best release security updates for Windows Store apps," Mike Reavey of Microsoft's Trustworthy Computing division wrote in a blog post on Tuesday. "Our goal is to have a quick, transparent and painless security update process."

In the past, Microsoft has held off on releasing new Windows patches and bug fixes until the second Tuesday of each month, resulting in a regular mass-update event that has come to be known as "Patch Tuesday."

The company often rolls patches for other important software into the Patch Tuesday bundle, as well, such as Office updates, fixes for the Flash Player component of Internet Explorer 10, and firmware updates for Surface devices.

Only in unusual cases will Microsoft release a patch outside of its normal update cycle, such as when a security vulnerability is being actively exploited in the wild.

In the case of Windows Store apps, however, Microsoft now says that it will publish new updates as soon as they are ready – including updates for the Windows Store apps that come bundled with Windows 8 and Windows RT, such as Calendar, Mail, Maps, Messaging, People, Weather, and so on.

"The Windows Store introduces a model in which regular updates are a normal part of using software. Apps are updated frequently to add new functionality, fix bugs, and improve security," Redmond's new policy statement states. "The operative expectation: quick and painless updates."

Your humble Reg hack notes that the potential problem with this plan is that it's always possible for the latest patch to introduce new problems that weren't there before. But on that score, Microsoft says not to worry, because the Windows Store programming model is inherently better than what has come before.

"Improved Application Programming Interface (API) and security models help developers avoid introducing new bugs in updates," the new security policy helpfully explains.

Only in the rare case that a security flaw affects both a Windows Store app and another piece of traditional desktop software simultaneously will Microsoft consider delaying the fix for the Windows Store app until Patch Tuesday – and even then, it will release the patch immediately if the vulnerability is serious enough.

Microsoft says it will maintain a security bulletin with a unique Knowledge Base (KB) number for each of its Windows Store apps, and the bulletin will be updated as each new patch is delivered to customers.

Otherwise, it says, this change in its update policy for Windows Store apps will have no effect on how it issues patches for the other components of Windows, which it still plans to ship on Patch Tuesdays, except in the event of emergencies.

"Microsoft is committed to preserving the attributes valued in our traditional update policy while adapting security update releases to meet broader customer expectations around apps available through the Windows Store," the company said in a statement. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Mathematica hits the Web
Wolfram embraces the cloud, promies private cloud cut of its number-cruncher
Mozilla shutters Labs, tells nobody it's been dead for five months
Staffer's blog reveals all as projects languish on GitHub
'People have forgotten just how late the first iPhone arrived ...'
Plus: 'Google's IDEALISM is an injudicious justification for inappropriate biz practices'
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
iOS 8 Healthkit gets a bug SO Apple KILLS it. That's real healthcare!
Not fit for purpose on day of launch, says Cupertino
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.