Microsoft Patch Tuesday bids adieu to Windows XP
Microsoft will no longer issue security patches for Windows XP
IDG News Service - This month's "Patch Tuesday" includes the final round of security fixes Microsoft will issue for Windows XP, potentially leaving millions that continue to use the OS open to attack.
XP will become an easy target for attackers now that Microsoft has stopped supporting it, said Wolfgang Kandek, CTO for IT security firm Qualys.A The OS will no longer receive fixes for holes that Microsoft and others might find in the OS. Moreover, attackers will be able to reverse engineer patches issued for newer versions of Windows, giving them clues to the remaining unfixed vulnerabilities in XP, Kandek said.
Microsoft has acknowledged the problem and has been pushing hard to get users onto newer versions of Windows.
"If you continue to use Windows XP now that support has ended, your computer will still work but it might become more vulnerable to security risks and viruses," it said in an advisory.
Its efforts haven't always been successful. Qualys compiled data from 6,700 companies and found that use of XP still represents a sizable portion of OSes running in the enterprise.A About one-fifth of companies in finance, for instance, still use XP -- a surprisingly large number for an industry handling sensitive data. A
In retail, 14 percent of PCs still run XP, and in heath care the figure is 3 percent.
Organizations may be holding off on updating for a number of reasons, Kandek said. Some didn't realize support was closing and are just now putting a migration plan in place. Others may be taking a calculated risk, saving on the cost of an upgrade and trying to minimize exposure by limiting access to the Internet and through other measures.
In addition to ending support for XP, Microsoft is no longer supporting Office 2003 or Internet Explorer 8.
The company released four security updates altogether on Tuesday. They cover 11 vulnerabilities in Windows, Internet Explorer, Microsoft Office and Microsoft Publisher. Two of the updates are marked as critical. One of those, MS14-018, fixes a number of issues with Internet Explorer. The other, MS14-017, addresses critical vulnerabilities in Microsoft Word and Office Web Apps. They include a zero day in how Office 2010 handles documents encoded in the Rich Text Format.
Even after that fix is applied, organizations might want to disable Word's ability to open RTF files, if those types of files aren't routinely used, Kandek advised.A
The two other updates in April's round of patches were marked important. One of them, MS14-020, handles a vulnerability in the company's Publisher program. The other, MS14-019, covers how Windows, including XP, handles files.
Kandek also advised administrators to apply the patch Adobe issued Tuesday for a serious vulnerability in its Flash multimedia software.
- Platfora Big Data Analytics for Network Security Platfora amplifies the effectiveness of network security analysis, providing Big Data Analytics capability to augment existing security infrastructure for known threats, and advanced...
- 5 Customers Deliver Virtual Desktops and Apps to Empower a Modern Workforce Learn how Citrix solutions helped 5 companies realize the full value of desktop virtualization through a project-by-project approach based on key business priorities.
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- IDC MarketScape: Worldwide Client Virtualization Software 2013 Vendor Assessment IDC has placed Citrix in the 2013 IDC MarketScape Leaders Category once again noting that, "Citrix's position reflects the company's market leadership and...
- What Does it Take to Deliver a Superior Customer Experience? The Two Top-Rated Online Retailers, B&H Photo and Crutchfield Electronics, Share Their Secrets Discuss practical CX tools and service methods such as contact center agents and the use of realtime speech analytics to help contact center...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Cyberwarfare White Papers | Webcasts