
Windows XP's vulnerability underscored by latest Patch Tuesday update

Penultimate patches as clock reaches 11.59pm


Microsoft’s latest Patch Tuesday features a raft of fixes for flaws in Windows XP, something that bodes ill for hold-out users determined to stick with the OS, experts have warned.

Windows XP’s end of life (EOL) cut off is less than a month away and still the vulnerabilities keep coming, with all five bulletins, MS14-012 to MS14-016, touching XP in some way.

The most important by far is MS14-012, a family of 18 remote execution flaws that affect all versions of XP running Internet Explorer from the ancient IE6 on to IE11 on Windows 8.1. It also fixes the non-XP IE10 zero-day issue (CVE-2014-0322) disclosed by security firm FireEye last month and used by the ‘Operation Snowman’ cyberattackers.

MS14-013, the second remote execution flaw rated 'critical', affects all versions of Windows. The merely ‘important’ MS14-015 and MS14-016 affect various versions of Windows, including XP of course, while MS14-014 fixes a privately-reported flaw in Silverlight 5.

Despite this counting as a light Patch Tuesday, the fact remains that it will be the second-to-last security patch XP users will ever receive from Microsoft, something security experts commented on.

“We are now less than 28 days away from the final set of patches that XP will receive. Nevertheless, we are not seeing a reduction in vulnerabilities,” said Qualys CTO, Wolfgang Kandek.

“All of today's bulletins apply to Windows XP and there is really no reason to expect any change in the near future: the majority of vulnerabilities found in the Windows OS and IE will apply also to Windows XP, but IT admins won't have access to patches for these problems anymore.

“This will make any Windows XP machine an easy target for attackers, and within a few weeks, new tools will be developed that make these exploits widely available,” he said.

Sources disagree on the scale of the XP installed base, but Qualys’s numbers (which are skewed towards large enterprises) suggest that it will still be around 10 percent by 'end of life day' on 8 April.

Kandek recommended that admins determined to plough on with XP investigate Microsoft’s EMET 5 (Enhanced Mitigation Experience Toolkit), which offered a way of locking down XP to some extent.

Separately, US-CERT has recommended that anyone using XP beyond next month consider ditching Internet Explorer 6, 7 and 8 in favour of a third-party browser, good advice given the level of exposure demonstrated by March’s patches; browsers such as Chrome and Firefox will continue to be patched for at least a year beyond EOL.

Such is the scale of the often-pirated XP installed base in China that Microsoft recently announced it would make an exception and continue to support it through partners, without going into detail as to how that will be delivered. The company also noted that 70 percent of Chinese users had never installed a single security update for XP.

XP’s support ends in April but the story of its security woes will go on, possibly for many years. But XP won't be completely forgotten inside Microsoft. The firm recently celebrated the effect XP’s rapid security re-engineering had on the company a decade ago on its Security Development Lifecycle (SDL) website.




Comments

Haemon said: You're just now suggesting users who insist on using XP still to switch to third party browsers. I've been pushing third party browsers for security before Vista released.


