Not only windows 8
I installed Server 2012 in a VM a few days ago. The first update was 165Mb.
Clearly unfinished software to have that amount of patching so soon after GA.
Microsoft will release critical updates for Windows 8 and other software on November's Patch Tuesday next week. The upgrades will arrive within weeks of the Win 8 launch at the end of last month. All supported versions of the Windows operating system from XP SP3 up to and including Windows 8 and Windows Server 2012 will need …
Less the Daily Mail, more like The New York Post or The Sun. The Mail Online and its print cousin rarely use screaming caps.
We use them to make particular stories stand out. Eg: prototype keyboard app for iPhones? No need. New operating system insecurities? Sure, why not.
Have you been asleep since the 1990's?
Yeah, it's a stupid idea to let Office touch the Internet. And yeah, Office has done this since the first versions that ran on Windows 95. It's not hard to make Office run off to the web to collect some part of a file you've downloaded and it's only a short step to make it compromise itself from there (because there's ALWAYS a whole it how it handles or verifies that data).
Hell, I hacked the school network when I was a kid by using Office macros to bypass Windows explorer restrictions on drive letters and program execution. Was but the work of a moment to demonstrate to my IT teacher (who stupidly told us to "try to hack the network, it's good education, but you won't be able to") that the document he'd just accepted from me and commented on had actually used his credentials temporarily to upgrade my account to a network admin. It was only because I told him that he ever knew, and only because I was honest that I didn't get into trouble. And the next day, I was invited to the IT Office to show them what I'd done and the program I'd wrote to stop it doing just that.
It's probably not *that* easy any more but all you have to do is get Office to try to load remote data and you have the potential for an exploit by feeding it corrupt data. It does that for everything from clipart, to form-filling, to hyperlinks, to embedded images, to macros, to online collaboration.
This really isn't news. Windows, just like EVERY (see what I did with capitals there) other operating system out there, does not get completely re-written from the ground up with each release, so it makes sense that many vulnerabilities that are discovered in Windows affect a whole range of different releases.
Microsoft should be applauded for their approach to regular, predictable patch management.
As for Windows 8 & RT, it's largely already been acknowledged (even in The Register, if only grudgingly so) that Windows 8 makes further strides forward in terms of OS security.
This is yet another example of The Register just bashing Windows 8 for the sake of it. Extra marks taken off for trying to specifically tie this to the Surface. This is hardly objective, and is really demonstrating a heavy bias in your reporting that is going to start turning people off.
"All supported versions of the Windows operating system from XP SP3 up to and including Windows 8 and Windows Server 2012 will need patching to close three security holes"
Umm, hold on, were we not told by his sweatiness (or one of his minions) that Win8 was "rewritten from the ground up"?
How can one reconcile that claim with Windows 8 sharing bugs with an incrementally upgraded OS who's genesis can be traced back to the mid 90's?
" if they've re-written something which complies to the same specification and merely optimised it, it is entirely possible that the vulnerability is inherent in how the system has been specified rather than the actual code itself."
Why did you use so many words when "they used copy-paste a lot" would have sufficed?
...Win8 was "rewritten from the ground up.. How can one reconcile that claim with Windows 8 sharing bugs with an incrementally upgraded OS who's genesis can be traced back to the mid 90's?
In the same manner Windows NT (New Technology) was named to sound innovative and Windows 2000 was based on "NT Technology" to sound stable and established: someone simply makes the claim. If the goal is simply to affect perception, then there is no need to be overly concerned with facts.
This post has been deleted by its author
Damn you register - If I wasn't paying attention here I wouldn't haver known there was an update
Sorry wrong OS
Security Updates - happens to all OS's where the "vendor" is somewhat serious about addressing problems (Seriously addressing security problems costs too much in hiring BFOH's and their cattle-prods)
Biting the hand that feeds IT © 1998–2019