Windows 8 and Windows RT are subject to critical vulnerabilities that will be addressed on Microsoft‘s Patch Tuesday next week, both by virtue of supporting Internet Explorer 10.The bulletin for the vulnerabilities addresses similar problems in all versions of Internet Explorer from IE6 through IE10. That means affected operating systems include XP, Vista, Windows 7 and Windows 8.[ NAVIGATE: 12 essential Windows 8 keyboard shortcutsHELP: Windows 8: How to solve the Start Button dilemma ] “This is one of the few bulletins this month that has a critical impact on the current code, hitting Windows 8, Windows RT and Windows 7 with a critical remote code execution issue,” says Paul Henry, a security and forensic analyst at Lumension. “We recommend that this bulletin be your first patch and you should update Internet Explorer while you’re at it.”Browser vulnerabilities can lead to exploits being downloaded from infected websites that allow executing remote code on affected machines. The vulnerability affects all Windows desktops, “making it very much the bulls-eye for would be attackers,” says Alex Horan, a senior product manager at CORE Security. There is second critical bulletin this month that affects Windows XP, Vista and Windows 7. “This bulletin does not affect Windows 8 or RT, but will likely still impact a lot of people because many have not yet upgraded to those operating systems,” Henry says.Seven more bulletins are rated important, which means they could be exploited to compromise user data. One of those affects Windows Defender, which is part of the security package in Windows 8 and Windows RT. “Windows Defender is an important security component for the new operating systems, so it’s a little concerning to see it impacted here, even if only at an ‘important’ rather than critical level. If you’re running either of those systems, I would patch this important bulletin first,” says Henry. It’s not clear what the issue is with Windows Defender.Another bulletin rated important “may also represent one of the first reported vulnerabilities for Microsoft Office Web Apps 2010, which would be significant in and of itself,” Horan says.Tim Greene covers Microsoft and unified communications for Network World and writes the Mostly Microsoft blog. Reach him at tgreene@nww.com and follow him on Twitter @Tim_Greene.Read more about software in Network World’s Software section. Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe