Microsoft launched a number of updates for their own Windows 8 apps earlier this week, including a big one for the Mail app that added some highly requested new features. As it turns out, Microsoft also put in a security update to the Windows 8 mail app that was not disclosed in the app's change log.
Instead, Microsoft revealed the details on its Security TechCenter website, making it the first Windows 8 app to receive a security update. Specifically, the security patch, which was labeled as Moderate by Microsoft, was released to fix an issue in the Mail app that would have allowed "remote attackers to spoof link targets via a crafted HTML e-mail message". Microsoft stated the problem was first discovered by Alex Wolff of UK-based IT consultancy BrownWolff who then reported the vulnerability to Microsoft.
Earlier this month, Microsoft announced it would start issuing security patches and alerts for Windows 8 apps. However, the way in which Microsoft announced the update has come under fire by some security experts. Computerworld.com notes that Microsoft did not make an announcement on its Security Response Center blog, as it does for Windows OS patches. Andrew Storms, the director of security operations at nCircle Security, stated, "It's odd, because you would think that Microsoft would want people to know about it."
Source: Microsoft Security TechCenter | Image via Microsoft