The Windows 8 and Windows RT security updates will be the first shipped since those operating systems' launch on Oct. 26. The latest vulnerabilities include three critical security vulnerabilities for Windows 8, and one critical security vulnerability for the Surface-based Windows RT operating system. These flaws are considered "critical" and could allow remote code execution on vulnerable systems.
Among the various flaws, versions from Windows XP (Service Pack 3) all the way through to Windows 8 are affected, including versions of the Office suite, and versions of Windows Server. Released only in September, Windows Server 2012 requires patching to maintain maximum security.
If you've enabled automatic updates, the patches will automatically install on Tuesday. As usual, the specific details about what is being fixed in these updates won't be revealed until the patches themselves are available for download in order to not give hacker groups an advanced heads-up.
Among the flaws, a few patches will be delivered for Internet Explorer that will fix a flaw that allows drive-by attacks on vulnerable systems, such as if the user visits a malicious Web page through the browser. There has been a lot of speculation about the cause of the Windows RT bug, with some saying that is the result of faulty hardware that may require the complete replacement of the Touch cover, while others believe that it’s really a software issue that may be resolved via a software update from Microsoft.
zero-day vulnerability and written an exploit for the new OS as well as Internet Explorer 10.