Update: This seems to relate to the in-box applications, like Notepad, Paint etc. the core OS does seem to get an update over Windows Update/WSUS, but affected in-box apps won’t be update.
This is a scary one, Microsoft is now pushing out updates to the Windows in-box apps via the Microsoft Store. This means, if the Store is disabled, your machine won’t get patched.
I haven’t worked anywhere in the last decade, where the Store isn’t deactivated by group policy, so that means all of the users in those companies won’t be protected.
This seems like a very strange, and frightening move on Microsoft’s part. Surely critical Windows updates should be delivered over normal Windows update channels?
There appears to be insufficient info on this issue. I see recent updates provided by the store, but none of them look related to core OS functionality. I don’t know how I would know if the issue has been addressed or not.
hmm I must be missing something here. The Microsoft KB article associated with this vuln for Windows 11 (February 14, 2023—KB5022845 (OS Build 22621.1265) - Microsoft Support) lists the KB as available via Windows Update and Microsoft Update, along with WSUS and the other typical patch distribution methods. I don’t actually see anything about the store listed.
Interesting, I just re-read the CVE page I linked to.
It seems that the core OS gets the update, but the built-in apps don’t get patched for this issue, any apps that are affected need to get their updates from the Store.
The problem being, a lot of those apps are pre-installed and cannot access the Store to ever get updated.
