UPDATED 06:36 EDT / MAY 14 2014

Patch Tuesday signals play time for Windows XP hackers

Those who’re still running Windows XP are about to face a substantially higher level of risk now that Microsoft’s first Patch Tuesday since end of support has passed. Yesterday’s update saw several critical vulnerabilities patched in Windows Vista, Windows 7 and Windows 8, and at least half of them are thought to affect XP, which didn’t receive the patch.

Also at risk are Microsoft Office 2003 users. That product also stopped receiving updates in April, and later versions of Office received two updates yesterday. According to ZDNet, Office 2003 is likely to be affected by one of these, although the vulnerability is described as “non-critical”.

A third Microsoft product, SharePoint Portal Server 2003, also saw support cease at the end of last month. As a result, it could now be left open to three critical vulnerabilities that were patched in SharePoint Server 2007, 2010 and 2013 versions, plus SharePoint Designer, SharePoint Server 2013 Client Components SDK, and Office Web Apps.

Microsoft says cybercriminals are already exploiting three of these vulnerabilities in the wild, while a fourth has now been publicly disclosed. The most critical of these is MS14-029, which is described as “almost certainly” affecting Windows XP.

Patch Tuesday is a crucial milestone because it arms hackers with everything they need to be able to exploit these security flaws on Windows XP. Cybercriminals can compare the system image of more recent Windows operating systems like Windows 7, and then cross-reference this with Windows XP’s code to deduce if it is also vulnerable. Once they’ve found a flaw, it’s relatively simple for an experienced coder to write an exploit for Windows XP machines.

“Before Microsoft stopped pushing patches to XP, it was rare for an update to fix one or more newer editions of Windows, but not patch XP at the same time,” noted Computerworld.

But Microsoft has moved on from Windows XP, and there’s an urgent need for customers to do the same. It’s believed that something like a quarter of all PCs are still running XP, and with about half of these vulnerabilities affecting the OS, the risk of these machines being hacked or hijacked has never been greater than it is now.

photo credit: Kurt Christensen via photopin cc
