Microsoft to patch critical flaw in Windows 8 during monthly Patch Tuesday update

Windows 8 security issues may further deter enterprises from adoption
Tools

Microsoft (Nasdaq: MSFT) is patching a critical flaw in its newly introduced Windows 8 operating system during its monthly Patch Tuesday security update this week.

The Windows 8 security vulnerability could enable a hacker to gain remote control over an unpatched machine, according to Microsoft's security bulletin advanced notification issued last week.

Analysts are already questioning whether enterprises will adopt Windows 8 in the short term. According to a survey of 1,282 IT decision makers by Forrester Research, barely 4 percent have plans to migrate to Windows 8 this year.

The Microsoft-discovered security hole in Windows 8, along with security holes in the operating system found by security firm Vupen in November, will do nothing to reassure enterprises about moving to Windows 8.

In its advanced notification, Microsoft announced plans to release seven security bulletins--two rated as critical and five rated as important--fixing 12 security vulnerabilities. In addition to the security fix for Windows 8, the two critical bulletins plug security holes in other versions of Windows as well as Microsoft Office, Developer Tools and Server Software.

Wolfgang Kandek, chief technology officer of Qualys, said the Windows patches are likely the result of "a vulnerability in one of the base libraries of Windows that is widely used, such as Windows XML Core Services, which had its last fix in July of 2012."

For more:
- check out Microsoft's advanced notification
- read Kandek's commentary

Related articles:
Forrester: Only 4 percent of IT decision makers plan to migrate to Windows 8 in next year
Windows 8 security problems uncovered