HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 7 MINUTES AGO.
You are here: Home / Microsoft/Windows / Last Fixes Tuesday for XP, Office 2003
Verisign DDOS SOLUTION:
Detection Capabilities, Mitigation Techniques & Proven Technology.
www.verisigninc.com
Last Security Patches Coming Tuesday for XP, Office 2003
Last Security Patches Coming Tuesday for XP, Office 2003
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
APRIL
04
2014
That's a wrap. Microsoft is closing the books on Windows XP and Office 2003 support, offering its last update to the software on Tuesday.

Microsoft will deliver four security bulletins. Two are rated critical and two are rated important. The bulletins cover Microsoft Office, Microsoft Office Services, Microsoft Office Web Apps, Microsoft Windows, and Internet Explorer.

"This month is a low count of what seem to be fairly serious security holes," Ken Pickering, director of engineering at CORE Security, told us. "Targeting Office, Windows, and IE, they're affecting products with the most market share in the Microsoft universe. Requiring a restart and including a core window service vulnerability is always troublesome, as it typically delays rollout."

Last Hurrah

We also asked Ross Barrett, a senior manager of security engineering at Rapid7, for his thoughts on next Tuesday's release. He told us this is indeed the last hurrah for the once-beloved XP. He called April 8 the "last kick at the can" for Windows XP.

"As everyone should know by now, there are a good number of known, severe issues still present in Windows XP," Barrett said. "In some cases Microsoft has been sitting on these responsibly disclosed cases for a number of years. This is officially their last chance to patch them for a solid 27 percent of the Windows users out there in the world."

Barrett recommends prioritizing the Windows patch. He's also asking a pointed question: Does it seem like responsible disclosure of Windows XP vulnerabilities would allow for the public disclosure of any known vulnerabilities at this point? Although he's clear that he's not advocating for that sort of disclosure, he said he can see how others with a more militant stance might take a different approach.

Pwn2Own Fallout Continues

We caught up with Russ Ernst, director of product management at security solutions firm Lumension, to get his take on the final Patch Tuesday for Windows XP and Office 2003. He told us this will be an important Patch Tuesday for users who rely on this outdated code that moves to self-support this month.

"Most notably, Microsoft has closed the loop on the MS Word vulnerability addressed in last week's advisory, 2953095," Ernst said. "This is a critical vulnerability that could allow remote code execution if a user opens a RTF file in Word 2010 or in Outlook while using Word as the email viewer. Known to be under active attack, a hacker using this vulnerability could gain user rights."

As if pushing patches for these new vulnerabilities while working a migration plan for XP and Office 2003 users weren't enough, Ernst noted that administrators are still dealing with the fallout from the recent Pwn2Own competition, which revealed vulnerabilities in all of the major browsers and in Adobe's Flash Player plug-in.

"With security updates coming from so many sources this month, IT will be challenged to effectively prioritize their rollouts," he said. "The best thing to do is to maintain your patch process, and consider consolidating to a single allowed browser as part of your migration plan to the latest OS."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
High Quality CRM Data: Prevent, detect and fix errors at the point of data entry for Dynamics CRM. Trillium Software helps you achieve an accurate, synchronized, single view of customers. It's time to trust your data. Take a product tour and read CRM Analyst opinions here.
MORE IN MICROSOFT/WINDOWS
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
Apple is taking the iCloud hack that revealed naked selfies of celebrities seriously, adding new security tools to keep its cloud safe. But there’s still fallout from the early-September iCloud hack.
© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.