Microsoft plugs critical hole in Surface operating system


In an advanced notice of its security patches issued on Patch Tuesday--the second Tuesday of every month--Microsoft (NASDAQ: MSFT) announced that it is patching a critical vulnerability in its Surface tablet's Windows RT operating system, which if left unpatched, could enable hackers to infect the tablet with malware.

If you just bought a Surface tablet, "it's important that you sit up, pay attention, and take action whenever Microsoft issues security updates," explained Graham Cluley, senior technology consultant at security firm Sophos.

Microsoft will fix critical and important security vulnerabilities in Windows RT this Tuesday.

In addition, Microsoft said it would fix three critical holes in its new Windows 8 OS. The company does not provide specifics about the vulnerabilities in its advanced notification.

In total, six security bulletins with fixes will be issued on Tuesday affecting a range of Microsoft products, including Windows XP, Windows Visa, Windows 7, Server 20013, Server 2012, as well as Microsoft Office products.

Paul Henry, a security analyst with Lumension, said that it is "disappointing" that Microsoft is fixing so many vulnerabilities in new products as well as legacy products.

"These bulletins impact many current generation products and that's concerning. Nothing is ever 100 percent secure and albeit mistakes are made in software. But it's still ugly to see," Henry said in an email.

The disclosure of a critical vulnerability in its Surface OS cannot be good news for Microsoft, which is pitching its new tablet as a more secure BYOD option than Android-based tablets.

For more:
- check out Microsoft's advanced security notice
- read Cluley's blog

Related Articles:
Windows RT app incompatibility could be Surface 'buzzkill'
Microsoft set to fix 20 bugs next Tuesday