Patch Tuesday to fix vulnerabilities in Windows 8 and Surface
Three critical updates for new OS and Microsoft tablet


Despite going on sale less than a month ago, Microsoft is to release three fixes for Windows 8 and its Surface tablets.
Three security holes have been found that affect Windows systems from Windows XP SP3 right up to and including Windows 8 and Windows Server 2012.
The flaws allow hackers to execute malicious code on vulnerable systems. A couple of patches also fix flaws in Windows 8 RT, the ARM-based OS used in Microsoft's new tablet computer.
Another critical patch is for an Internet Explorer vulnerability that could be used in both drive-by and targeted attacks. An attacker would be able to compromise their system if the user visits a malicious web page.
Another flaw affects Microsoft Office. Listed as important, the vulnerability allows remote code execution if a victim opens a malicious Office document. This bulletin is listed as important because the attacker can't force the user to open a document; they would have to be socially engineered into opening it.
The six patches rectify 19 vulnerabilities found in Microsoft software. The patches will be released on Tuesday 13 November.
"Most organisations will be affected by these critical bulletins as they relate to legacy codebase that is present even in Microsoft's most recent releases, such as Windows 8 and Windows Server 2012," said Marcus Carey, a security researcher with Rapid7.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"This may come as a surprise to many who expected that Windows 8 and Windows Server 2012 to be much more secure than legacy versions. The truth is that Microsoft and other vendors have significant technical debt in their code base which results in security issues."
Alongside the patches for Microsoft, Adobe is to release patches for vulnerabilities in its own products.
The software company will be releasing updates timed to coincide with Microsoft's patching schedule, rather than its previous policy of sending out updates as soon as they are ready.
"Starting with the next Flash Player security update, we plan to release regularly-scheduled security updates for Flash Player on 'Patch Tuesdays," the company said in a release.
The patches will fix seven critical flaws in Flash Player.
According to Chester Wisniewski ,security expert at Sophos, Flash Player remains one of the most exploited plug-ins used in drive by web attacks, and he said "it is sensible to update as soon as possible.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.
-
Apple, Meta hit back at EU after landmark DMA fines
News The European Commission has issued its first penalties under the EU Digital Markets Act (DMA), fining Apple €500 million and Meta €200m.
By Nicole Kobie
-
Enterprises are facing a ‘cloud security crisis’
News Businesses are facing a “cloud security crisis” fueled by increasingly fragmented hybrid environments, according to security firm Rubrik.
By Jane McCallion
-
Warning issued over “incomplete” fix for Adobe ColdFusion vulnerability
News An incomplete fix for a vulnerability disclosure could be placing users at risk, researchers warned
By Ross Kelly
-
Adobe forced to patch its own failed security update
News Company issues new fix for e-commerce vulnerability after researchers bypass the original update
By Danny Bradbury
-
Ask more from your CMS
Whitepaper How to get the most value in the shortest timespan
By ITPro
-
Adobe battles fake photos with editing tags
News Photoshop will include new tagging tools later this year to help fight against misinformation and deep fakes
By Nicole Kobie
-
Adobe Photoshop Elements 2019 review: Trapped in the photo-editing middle ground
Reviews A once peerless beginner’s photo-editing package that’s past its prime
By Barry Collins
-
How Adobe saved BT £630,000
Sponsored Adobe’s digital signature platform is saving time and money - and forging stronger connections between businesses and customers
By ITPro
-
Don't settle when it comes to creativity
Sponsored Getting the best out of your creative design team means equipping them with the best software
By ITPro
-
The benefits of a subscription service
Sponsored Why software vendors are increasingly moving to a subscription model
By ITPro