Incident Response, Patch/Configuration Management, TDR, Vulnerability Management

Microsoft previews last Patch Tuesday update for Windows XP


Microsoft has released an advance notification for coming Patch Tuesday updates, which will, for the last time, include fixes for bugs in Windows XP.

As scheduled, on April 8, the company will pull the plug on support for the 12-year-old operating system, in a move to usher users to more modern systems, like Windows 7 and newer. Security experts and Microsoft alike have continued to warn users of the increased risks subjected to XP systems when they reach their end-of-life, particularly as a significant showing of individuals and enterprises remain on XP.

Next Tuesday, Microsoft plans to release four security bulletins in total for users – two ranked critical and two important.

In particular, bulletins 2 and 3 remediate security issues affecting Windows, including XP versions of the operating system, that could allow remote code execution (RCE). This month, Microsoft's Patch Tuesday release will address only RCE vulnerabilities in company products, according to the Thursday advance notification.

Also of note, one of the critical patches, bulletin 1, is expected to fix a zero-day vulnerability in Word 2010 that has already been exploited in limited, targeted attacks.

Last month, Microsoft alerted users to the RCE flaw, (CVE-2014-1761), which could be exploited when a user opens a malicious rich text format (RTF) file, or previews or opens a malicious RTF email message in Outlook while using Word as the email viewer.

The patch for Word 2010 will bring a permanent solution for users to replace Microsoft's temporary fix, or workaround, issued last week.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.