November 21, 2024

Microsoft to Release Critical IE Patch Next Week

Posted on March 7, 2014 by in Security

Microsoft plans to release five security bulletins next week for this month’s Patch Tuesday, including a fix for a security vulnerability used in attacks against Internet Explorer 10.

That vulnerability, which was described in Security Advisory 2934088, was spotted being used in watering hole attacks during the past few weeks. The bug also affects Internet Explorer 9, and could be exploited if the victim is tricked into visiting a compromised Website. Customers using other versions of IE are not impacted, Microsoft noted.

In addition to the IE bulletin, Microsoft will release one other critical bulletin for Windows. The other three bulletins are rated ‘important’ and affect Microsoft Windows and Microsoft Silverlight.

“The March patch list is small, with only five bulletins, but they are certainly significant,” said Ken Pickering, director of engineering at CORE Security. “There are two bulletins listed as ‘critical’ with remote code executions, one on Internet Explorer and one on a series of Windows versions. These types of bulletins need immediate attention and a reboot, which is always a headache for IT teams. Bulletin 5 only affects Silverlight, and aside from using it to stream House of Cards on Netflix, doesn’t have a big impact.”

“Windows XP is affected by all five updates, and there is really no reason to expect this picture to change; Windows XP will continue to be impacted by the majority of vulnerabilities found in the Windows ecosystem, but you will not be able to address the issues anymore,” blogged Wolfgang Kandek, CTO of Qualys. “Windows XP is getting its penultimate update and is now very close (just over 30 days) to its declared end-of-life date…so you need a strategy for the XP machines remaining in your infrastructure.”

The Patch Tuesday updates will be released March 11.

Brian Prince is a Contributing Writer for SecurityWeek.

Previous Columns by Brian Prince:


SecurityWeek RSS Feed

Intel, HP make for the finish of days — Windows XP’s, which is

Posted on December 4, 2013 by in Blog

As the sun sets on support for Windows XP nears, Hewlett-Packard and Intel executives say they’re looking to new horizons.
In case you’ve been living under a rock, support for Windows XP ends on April 8, 2014.
And Microsoft has a message for you: “If your organization has not started the migration to a modern desktop, you are late,” the company says on its Support Ends Web page.
That has HP and Intel, not surprisingly, giddy with the prospects of upgrades to new hardware.
Here’s what Meg Whitman, HP’s CEO, said earlier this week during the company’s earnings conference call, responding to an analyst’s question.
“So, we’re leading…the migration off of XP. And we actually — I think, Microsoft would probably tell you — we’re among the leaders in terms of spearheading that migration. We’ve been on this for well over a year, and it’s actually going pretty well,” she said.
And Intel’s general manager of the PC Client Group, Kirk Skaugen, speaking the week before, isn’t exactly rueing the day, either.
“Remember, Windows XP [support] end of life is in April so we have confidence that the business refresh which typically comes with a hardware upgrade is heading our way…whether they move to Windows 7 or Windows 8.1 that’s a big change for business,” he said during the company’s investor meeting.”
The operating-system-that-won’t-die has been around since 2001. It got a new lease on life when its successor, Vista, was declared a disaster back in 2006.
There are still plenty of XP users out there, according to an unscientific poll CNET conduced in June.
New November data from Net Applications shows XP stubbornly holding onto a 31 percent desktop market share.
So, you have to wonder, how many of those polled earlier by CNET want to keep utilizing XP? Chances exist are over a limited.
Are they as giddy at the prospects as HP and Intel? We’ll find out on April 8.
New information shows XP carrying about to a big percentage of desktops. Photo by: ( Net Applications)