Menu
Microsoft Patch Tuesday bids adieu to Windows XP

Microsoft Patch Tuesday bids adieu to Windows XP

Microsoft will no longer issue security patches for Windows XP

This month's "Patch Tuesday" includes the final round of security fixes Microsoft will issue for Windows XP, potentially leaving millions that continue to use the OS open to attack.

XP will become an easy target for attackers now that Microsoft has stopped supporting it, said Wolfgang Kandek, CTO for IT security firm Qualys. The OS will no longer receive fixes for holes that Microsoft and others might find in the OS. Moreover, attackers will be able to reverse engineer patches issued for newer versions of Windows, giving them clues to the remaining unfixed vulnerabilities in XP, Kandek said.

Microsoft has acknowledged the problem and has been pushing hard to get users onto newer versions of Windows.

"If you continue to use Windows XP now that support has ended, your computer will still work but it might become more vulnerable to security risks and viruses," it said in an advisory.

Its efforts haven't always been successful. Qualys compiled data from 6,700 companies and found that use of XP still represents a sizable portion of OSes running in the enterprise. About one-fifth of companies in finance, for instance, still use XP -- a surprisingly large number for an industry handling sensitive data.

In retail, 14 percent of PCs still run XP, and in heath care the figure is 3 percent.

Organizations may be holding off on updating for a number of reasons, Kandek said. Some didn't realize support was closing and are just now putting a migration plan in place. Others may be taking a calculated risk, saving on the cost of an upgrade and trying to minimize exposure by limiting access to the Internet and through other measures.

In addition to ending support for XP, Microsoft is no longer supporting Office 2003 or Internet Explorer 8.

The company released four security updates altogether on Tuesday. They cover 11 vulnerabilities in Windows, Internet Explorer, Microsoft Office and Microsoft Publisher. Two of the updates are marked as critical. One of those, MS14-018, fixes a number of issues with Internet Explorer. The other, MS14-017, addresses critical vulnerabilities in Microsoft Word and Office Web Apps. They include a zero day in how Office 2010 handles documents encoded in the Rich Text Format.

Even after that fix is applied, organizations might want to disable Word's ability to open RTF files, if those types of files aren't routinely used, Kandek advised.

The two other updates in April's round of patches were marked important. One of them, MS14-020, handles a vulnerability in the company's Publisher program. The other, MS14-019, covers how Windows, including XP, handles files.

Kandek also advised administrators to apply the patch Adobe issued Tuesday for a serious vulnerability in its Flash multimedia software.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags MicrosoftsecurityWindowssoftwareoperating systems

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Show Comments