Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
Cloud Computing
24/7/365 Network Uptime!
Average Rating:
Rate this article:  
Last Security Patches Coming Tuesday for XP, Office 2003
Last Security Patches Coming Tuesday for XP, Office 2003

By Jennifer LeClaire
April 4, 2014 1:40PM

    Bookmark and Share
"As everyone should know by now, there are a good number of known, severe issues still present in Windows XP," said security expert Ross Barrett. "In some cases Microsoft has been sitting on these responsibly disclosed cases for a number of years. This is officially their last chance to patch them for a solid 27 percent of the Windows users out there."
 



That's a wrap. Microsoft is closing the books on Windows XP and Office 2003 support, offering its last update to the software on Tuesday.

Microsoft will deliver four security bulletins. Two are rated critical and two are rated important. The bulletins cover Microsoft Office, Microsoft Office Services, Microsoft Office Web Apps, Microsoft Windows, and Internet Explorer.

"This month is a low count of what seem to be fairly serious security holes," Ken Pickering, director of engineering at CORE Security, told us. "Targeting Office, Windows, and IE, they're affecting products with the most market share in the Microsoft universe. Requiring a restart and including a core window service vulnerability is always troublesome, as it typically delays rollout."

Last Hurrah

We also asked Ross Barrett, a senior manager of security engineering at Rapid7, for his thoughts on next Tuesday's release. He told us this is indeed the last hurrah for the once-beloved XP. He called April 8 the "last kick at the can" for Windows XP.

"As everyone should know by now, there are a good number of known, severe issues still present in Windows XP," Barrett said. "In some cases Microsoft has been sitting on these responsibly disclosed cases for a number of years. This is officially their last chance to patch them for a solid 27 percent of the Windows users out there in the world."

Barrett recommends prioritizing the Windows patch. He's also asking a pointed question: Does it seem like responsible disclosure of Windows XP vulnerabilities would allow for the public disclosure of any known vulnerabilities at this point? Although he's clear that he's not advocating for that sort of disclosure, he said he can see how others with a more militant stance might take a different approach.

Pwn2Own Fallout Continues

We caught up with Russ Ernst, director of product management at security solutions firm Lumension, to get his take on the final Patch Tuesday for Windows XP and Office 2003. He told us this will be an important Patch Tuesday for users who rely on this outdated code that moves to self-support this month.

"Most notably, Microsoft has closed the loop on the MS Word vulnerability addressed in last week's advisory, 2953095," Ernst said. "This is a critical vulnerability that could allow remote code execution if a user opens a RTF file in Word 2010 or in Outlook while using Word as the email viewer. Known to be under active attack, a hacker using this vulnerability could gain user rights."

As if pushing patches for these new vulnerabilities while working a migration plan for XP and Office 2003 users weren't enough, Ernst noted that administrators are still dealing with the fallout from the recent Pwn2Own competition, which revealed vulnerabilities in all of the major browsers and in Adobe's Flash Player plug-in.

"With security updates coming from so many sources this month, IT will be challenged to effectively prioritize their rollouts," he said. "The best thing to do is to maintain your patch process, and consider consolidating to a single allowed browser as part of your migration plan to the latest OS."
 

Tell Us What You Think
Comment:

Name:



APC has an established a reputation for solid products that virtually pay for themselves upon installation. Who has time to spend worrying about system downtime? APC makes it easy for you to focus on business growth instead of business downtime with reliable data center systems and IT solutions. Learn more here.


 Cloud Computing
1.   Microsoft, IBM Cloud Catching AWS
2.   Yammer Moved to Office 365
3.   IBM, California Partner in the Cloud
4.   Dropbox for Business Boosts Security
5.   Avaya Pressing Hard on Cloud-Based UC


advertisement
Amazon Intros Zocalo Storage Service
Online storage and sharing for business.
Average Rating:
Avaya Pressing Hard on Cloud-Based UC
Provides easier, faster provisioning.
Average Rating:
Cisco Woos More Devs with DevNet
To create new network-aware apps.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Researchers Working To Fix Tor Security Exploit
Developers for the Tor privacy browser are scrambling to fix a bug revealed Monday that researchers say could allow hackers, or government surveillance agencies, to track users online.
 
Wall Street Journal Hacked Again
Hacked again. That’s the story at the Wall Street Journal this week as the newspaper reports that the computer systems housing some of its news graphics were breached. Customers not affected -- yet.
 
Dropbox for Business Beefs Up Security
Dropbox is upping its game for business users. The cloud-based storage and sharing company has rolled out new security, search and other features to boost its appeal for businesses.
 

Enterprise Hardware Spotlight
Apple Updates MacBook Pros, Cuts Prices Up to $100
The popular MacBook Pro laptop line just got an update and a price cut of as much as $100. The MacBook Pro with Retina display now includes faster processors and double the memory.
 
Watson Gets His First Customer Service Gig
Since appearing on Jeopardy, IBM's Watson supercomputer has been making a living using his super-intelligent knowledge base for business verticals. Now, Watson's been hired for his first customer service job.
 
Tablet Giants Apple and Samsung Feel the Heat
When a company saturates its home market with a once-hot product, expect it to pump up efforts elsewhere. Apple, for its part, is now pushing iPads to big corporations and the enterprise market.
 

Mobile Technology Spotlight
FTC Wants Fix for 'Perfect Scam' of Mobile Cramming
The U.S. Federal Trade Commission has issued new guidelines to curb “mobile cramming,” a troublesome practice that adds unauthorized third-party charges to mobile phone bills.
 
BlackBerry Buys German Security Firm Secusmart
Looking to burnish its business reputation, BlackBerry has agreed to buy a German mobile security company that specializes in voice/data encryption as well as anti-eavesdropping solutions.
 
Stanford Researchers Report Battery Breakthrough
Stanford researchers have found a way to use lithium in a battery's anode, a breakthrough that could triple capacity and has been described as the "holy grail of battery science."
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | CRM Systems | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.