Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 5 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Microsoft to release four patches on XP D-Day

by The Gurus
April 4, 2014
in Editor's News
Share on FacebookShare on Twitter

Microsoft will release four bulletins next Tuesday, two of which are rated as critical and two rated as important.
 
On the day when the final patches are released for Windows XP and Office 2003, these updates address issues in Microsoft Windows, Office and Internet Explorer.
 
Among the fixes is MS14-017 which fully addresses the Microsoft Word issue first described in Security Advisory 2953095, after an emergency fix was issued in late March. “Once the security update is applied, you should disable the Fix it to ensure RTF files will again render normally,” said Dustin Childs, group manager of response communications at Microsoft Trustworthy Computing. “At this time, we are still only aware of limited, targeted attacks directed at Microsoft Word 2010.”
 
Commenting, Tyler Reguly, manager of security research for Tripwire, said: “Given that this is the last time we’ll see Windows XP patched, it’s surprising to see the issues they’re fixing. After you filter out Office and IE, we’re only going to have one operating system update next week.
 
“This month it’ll be interesting to see how many attackers have been holding on to XP zero-days waiting for this day to come. If a major critical issue is released, will Microsoft issue another update or will they hold fast to their planned end of support for Windows XP?”
 
Wolfgang Kandek, CTO of Qualys, said: “This low total number is very atypical, and at least 30 per cent under the numbers for last year – in April of 2013 we were at 36 bulletins and in 2012 we had 20 bulletins. At the same time there is no shortage of vulnerabilities as we have seen at last month’s CanSecWest, where literally all software packages (Java excepted) fell to security researchers who received cash prizes between $75,000 and $100,000.
 
“But back to this month, all of them enable ‘Remote Code Execution’. Bulletin #1 addresses the current zero-day vulnerability (KB2953095) in Microsoft Word. Bulletin #2 is a new version of Internet Explorer, applicable to all versions of IE starting with IE6 on XP to IE11 on Windows 8.1 and RT.
 
“Bulletin #3 and Bulletin #4 are the both rated ‘important’, but Bulletin #3 is the more urgent one. It affects all versions of Windows and can be used to gain Remote Code Execution. Bulletin #4 addresses a problem in Publisher 2003 and 2007, which is a software package that we do not see widely installed.”
 
Reguly said: “The Publisher bulletin is the perfect example of the kind updates that Microsoft wants to issue. The latest versions of the product aren’t affected, which means that it perfectly supports Microsoft’s recommended security advice, ‘Always run the latest products’.”

FacebookTweetLinkedIn
Tags: PatchVulnerabilityWindowsXP
ShareTweetShare
Previous Post

Experian denies database hack

Next Post

New Zeus variant includes legitimate digital signature

Recent News

london-skyline-canary-wharf

Ransomware attack halts London trading

February 3, 2023
Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

February 2, 2023
JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information