Patch Tuesday’s are always pretty busy days for everyone on Windows based systems as it is the day that updates for security related issues are made available as well as firmware updates for Microsoft’s two Surface devices.
However, one area for security updates that will not have to wait for the second Tuesday of each month, which is when the regularly scheduled Patch Tuesday happens, is Microsoft’s collection of Modern (formerly known as Metro) Apps.
According to info posted today by Microsoft these apps will get security updates whenever they are available and a security advisory will also be released.
Windows Store App Security Updates (Microsoft Security Response Center)
With this in mind, we will deliver high quality security updates for Windows Store apps as they become available. This applies to Microsoft apps that are installed using the Windows Store and to apps like Mail, which are preinstalled with Windows 8 but updated using the Windows Store. Providing security updates to these apps more frequently will allow us to add new functionality, fix issues and improve security. This will also help developers to avoid introducing new issues during the update process.
Microsoft App Updates (TechNet)
Our security update policy has been adapted to align with the new model. It will apply to Microsoft apps that are installed using the Windows Store and to apps like Mail (preinstalled with Windows 8 but updated using the Windows Store). The policy changes are outlined as follows:
- App security updates can be delivered on days other than the second Tuesday of the month.
- App security updates will be documented in a standing security advisory that:
- Provides additional information and notifies customers that an update is available for them to install.
- Is accompanied by a unique Microsoft Knowledge Base (KB) article number for reference to details about the changes.
- When the same vulnerability affects a traditional and an app version of a software application, we will make every effort to release updates to both applications simultaneously through our normal security update release process on the second Tuesday of the month, except when customer risk justifies releasing an out-of-band update.
Maybe eventually we will arrive at a point where all security updates are distributed whenever they are ready instead of all on one single day each month.
Would that be unmanageable?