First Windows 8 app security update release with Mail upgrade

Microsoft launched a number of updates for their own Windows 8 apps earlier this week, including a big one for the Mail app that added some highly requested new features. As it turns out, Microsoft also put in a security update to the Windows 8 mail app that was not disclosed in the app's change log.

Instead, Microsoft revealed the details on its Security TechCenter website, making it the first Windows 8 app to receive a security update. Specifically, the security patch, which was labeled as Moderate by Microsoft, was released to fix an issue in the Mail app that would have allowed "remote attackers to spoof link targets via a crafted HTML e-mail message". Microsoft stated the problem was first discovered by Alex Wolff of UK-based IT consultancy BrownWolff who then reported the vulnerability to Microsoft.

Earlier this month, Microsoft announced it would start issuing security patches and alerts for Windows 8 apps. However, the way in which Microsoft announced the update has come under fire by some security experts. Computerworld.com notes that Microsoft did not make an announcement on its Security Response Center blog, as it does for Windows OS patches. Andrew Storms, the director of security operations at nCircle Security, stated, "It's odd, because you would think that Microsoft would want people to know about it."

Source: Microsoft Security TechCenter | Image via Microsoft

Report a problem with article
Previous Story

New game engine demos offer glimpse of next gen graphics

Next Story

Is Bing Snapshot coming to the Bing.com home page?

11 Comments

Commenting is disabled on this article.

This being a app update and not a OS update then they wouldn't talk about it, it's also part of the bigger Mail update so you'll get it in the end if you update and use the Mail app.

I wonder what they'll moan about later this year when Windows Blue goes out and the default setting is to auto-install all metro apps? Unless there's some notification letting you know something has been updated then people won't notice anything if it's minor.

lctb51 said,
When I installed Windows 8, I unpinned all the stupid tablet apps from the start screen! Windows 8 was primarily designed for tablets!

Dunkleybwoy
Oh get over it!

So? Mail apps have more security vulnerability potential than most app types... I'm glad they are so committed to security. This article really makes no sense and seems to absurdly try to paint this as a bad thing...

I don't see the need to update a Windows OS security blog, especially when the update will be pushed to users almost immediately, (and if you're the type who doesn't install app updates, you'd hardly know about the SRC blog).

siah1214 said,

I don't understand this reaction.

He's a time traveler, and simply replied to a comment that still won't be made for another 20 minutes.

rfirth said,

He's a time traveler, and simply replied to a comment that still won't be made for another 20 minutes.

You were right. Obviously he was responding to lctb51's post below.