Feeds

Redmond to skip Patch Tuesday for Windows Store apps

All updates, all the time for touchy-feely tiles

Security for virtualized datacentres

Microsoft has announced that it will ship fixes and updates for the Windows Store apps that come bundled with Windows 8 and Windows RT as soon as they are available, rather than issuing them in batches as it does for the rest of Windows.

"We are committed to adapting our policies as the world evolves and with the new Windows Store, we evaluated how to best release security updates for Windows Store apps," Mike Reavey of Microsoft's Trustworthy Computing division wrote in a blog post on Tuesday. "Our goal is to have a quick, transparent and painless security update process."

In the past, Microsoft has held off on releasing new Windows patches and bug fixes until the second Tuesday of each month, resulting in a regular mass-update event that has come to be known as "Patch Tuesday."

The company often rolls patches for other important software into the Patch Tuesday bundle, as well, such as Office updates, fixes for the Flash Player component of Internet Explorer 10, and firmware updates for Surface devices.

Only in unusual cases will Microsoft release a patch outside of its normal update cycle, such as when a security vulnerability is being actively exploited in the wild.

In the case of Windows Store apps, however, Microsoft now says that it will publish new updates as soon as they are ready – including updates for the Windows Store apps that come bundled with Windows 8 and Windows RT, such as Calendar, Mail, Maps, Messaging, People, Weather, and so on.

"The Windows Store introduces a model in which regular updates are a normal part of using software. Apps are updated frequently to add new functionality, fix bugs, and improve security," Redmond's new policy statement states. "The operative expectation: quick and painless updates."

Your humble Reg hack notes that the potential problem with this plan is that it's always possible for the latest patch to introduce new problems that weren't there before. But on that score, Microsoft says not to worry, because the Windows Store programming model is inherently better than what has come before.

"Improved Application Programming Interface (API) and security models help developers avoid introducing new bugs in updates," the new security policy helpfully explains.

Only in the rare case that a security flaw affects both a Windows Store app and another piece of traditional desktop software simultaneously will Microsoft consider delaying the fix for the Windows Store app until Patch Tuesday – and even then, it will release the patch immediately if the vulnerability is serious enough.

Microsoft says it will maintain a security bulletin with a unique Knowledge Base (KB) number for each of its Windows Store apps, and the bulletin will be updated as each new patch is delivered to customers.

Otherwise, it says, this change in its update policy for Windows Store apps will have no effect on how it issues patches for the other components of Windows, which it still plans to ship on Patch Tuesdays, except in the event of emergencies.

"Microsoft is committed to preserving the attributes valued in our traditional update policy while adapting security update releases to meet broader customer expectations around apps available through the Windows Store," the company said in a statement. ®

Internet Security Threat Report 2014

More from The Register

next story
ONE MILLION people already running Windows 10
A third of them are doing it in VMs, but early feedback focuses on frippery
Netscape Navigator - the browser that started it all - turns 20
It was 20 years ago today, Marc Andreeesen taught the band to play
Sign off my IT project or I’ll PHONE your MUM
Honestly, it’s a piece of piss
Sway: Microsoft's new Office app doesn't have an Undo function
Content aggregation, meet the workplace ... oh
Do Moan! MONSTER 6-day EMAIL OUTAGE hits Domain Monster
Customers freaked out by frightful service
Ploppr: The #VultureTRENDING App of the Now
This organic crowd sourced viro- social fertiliser just got REAL
Return of the Jedi – Apache reclaims web server crown
.london, .hamburg and .公司 - that's .com in Chinese - storm the web server charts
NetWare sales revive in China thanks to that man Snowden
If it ain't Microsoft, it's in fashion behind the Great Firewall
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.