Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 13 MINUTES AGO.
You are here: Home / Cloud Computing / Last Fixes Tuesday for XP, Office 2003
Last Security Patches Coming Tuesday for XP, Office 2003
Last Security Patches Coming Tuesday for XP, Office 2003
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
APRIL
04
2014

That's a wrap. Microsoft is closing the books on Windows XP and Office 2003 support, offering its last update to the software on Tuesday.

Microsoft will deliver four security bulletins. Two are rated critical and two are rated important. The bulletins cover Microsoft Office, Microsoft Office Services, Microsoft Office Web Apps, Microsoft Windows, and Internet Explorer.

"This month is a low count of what seem to be fairly serious security holes," Ken Pickering, director of engineering at CORE Security, told us. "Targeting Office, Windows, and IE, they're affecting products with the most market share in the Microsoft universe. Requiring a restart and including a core window service vulnerability is always troublesome, as it typically delays rollout."

Last Hurrah

We also asked Ross Barrett, a senior manager of security engineering at Rapid7, for his thoughts on next Tuesday's release. He told us this is indeed the last hurrah for the once-beloved XP. He called April 8 the "last kick at the can" for Windows XP.

"As everyone should know by now, there are a good number of known, severe issues still present in Windows XP," Barrett said. "In some cases Microsoft has been sitting on these responsibly disclosed cases for a number of years. This is officially their last chance to patch them for a solid 27 percent of the Windows users out there in the world."

Barrett recommends prioritizing the Windows patch. He's also asking a pointed question: Does it seem like responsible disclosure of Windows XP vulnerabilities would allow for the public disclosure of any known vulnerabilities at this point? Although he's clear that he's not advocating for that sort of disclosure, he said he can see how others with a more militant stance might take a different approach.

Pwn2Own Fallout Continues

We caught up with Russ Ernst, director of product management at security solutions firm Lumension, to get his take on the final Patch Tuesday for Windows XP and Office 2003. He told us this will be an important Patch Tuesday for users who rely on this outdated code that moves to self-support this month.

"Most notably, Microsoft has closed the loop on the MS Word vulnerability addressed in last week's advisory, 2953095," Ernst said. "This is a critical vulnerability that could allow remote code execution if a user opens a RTF file in Word 2010 or in Outlook while using Word as the email viewer. Known to be under active attack, a hacker using this vulnerability could gain user rights."

As if pushing patches for these new vulnerabilities while working a migration plan for XP and Office 2003 users weren't enough, Ernst noted that administrators are still dealing with the fallout from the recent Pwn2Own competition, which revealed vulnerabilities in all of the major browsers and in Adobe's Flash Player plug-in.

"With security updates coming from so many sources this month, IT will be challenged to effectively prioritize their rollouts," he said. "The best thing to do is to maintain your patch process, and consider consolidating to a single allowed browser as part of your migration plan to the latest OS."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN CLOUD COMPUTING

NETWORK SECURITY SPOTLIGHT
A state prosecutor's office in Pennsylvania was among hundreds of thousands of victims of a now-shuttered international cybercrime operation, paying nearly $1,400 in a bitcoin ransom.
NEWSFACTOR.COM
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2016 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.