Skip to main content


Microsoft App Updates

When Microsoft decided to make apps available through the Windows Store as part of Windows 8, we thought long and hard about the implications for our security update policy. We knew app updates would have to differ from traditional security updates (delivered on the second Tuesday of each month and often the primary or only updates made to a program).

The Windows Store introduces a model in which regular updates are a normal part of using software. Apps are updated frequently to add new functionality, fix bugs, and improve security. Improved Application Programming Interface (API) and security models help developers avoid introducing new bugs in updates. The operative expectation: quick and painless updates.

How the app update policy has changed

Our security update policy has been adapted to align with the new model. It will apply to Microsoft apps that are installed using the Windows Store and to apps like Mail (preinstalled with Windows 8 but updated using the Windows Store). The policy changes are outlined as follows:

  • App security updates can be delivered on days other than the second Tuesday of the month.

  • App security updates will be documented in a standing security advisory that:

    • Provides additional information and notifies customers that an update is available for them to install.

    • Is accompanied by a unique Microsoft Knowledge Base (KB) article number for reference to details about the changes.

    • When the same vulnerability affects a traditional and an app version of a software application, we will make every effort to release updates to both applications simultaneously through our normal security update release process on the second Tuesday of the month, except when customer risk justifies releasing an out-of-band update.

What this policy means for monthly security updates

The policy changes described here do not change the way we update traditional software such as Windows itself, for which updates will continue to be released on the second Tuesday of the month with an accompanying security bulletin or in out-of-band updates when circumstances dictate.

Microsoft is committed to preserving the attributes valued in our traditional update policy while adapting security update releases to meet broader customer expectations around apps available through the Windows Store.

Featured Download

Get inside information on how we manage vulnerabilities to help protect our customers.

MSRC Blogs

BlueHat Archive

See past BlueHat Sessions

BlueHat v12

BlueHat v11

BlueHat v10

BlueHat v9

BlueHat v8