This new policy from Microsoft is significant for businesses that rely on Microsoft platforms and devices. Six months is still a long time for a vulnerability to be in place--especially Critical or Important vulnerabilities that can potentially be exploited to execute malicious code remotely--but the policy shows Microsoft's continued commitment to security. The policy applies to all apps available through the Windows Store, Windows Phone Store, Office Store, or Azure Marketplace."
The policy does not, however, apply to vulnerabilities that are being actively exploited in the wild. Flaws that pose an imminent or ongoing threat are handled with greater urgency. According to a blog post from Microsoft, "In those cases, we'll work with the developer to have an update available as soon as possible and may remove the app from the store earlier."
If you have Automatic Updates enabled, sit back and relax, but plan on your system rebooting at some point to finish applying all of the necessary patches. If you don't use Automatic Updates, get cracking! You've got a lot of Critical patches to install.
Sign up for CIO Asia eNewsletters.