Members
Stats
  • Total Posts: 28513
  • Total Topics: 8240
  • Online Today: 816
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Download last patches for Windows XP  (Read 1037 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Download last patches for Windows XP
« on: 10. April 2014., 19:26:40 »


This Patch Tuesday has much more significance than most. With only four security bulletins from Microsoft, it's relatively tame as far as Patch Tuesdays go, but today also marks the final patches and updates from Microsoft for Windows XP: http://technet.microsoft.com/en-us/security/bulletin/ms14-apr

“So this is it, the last hurrah for the once beloved XP, the last kick at the can for patching up the old boat,” says Ross Barrett, senior manager of security engineering for Rapid7. “Sure, by today’s standards it’s a leaky, indefensible, liability, but… hey, do you even remember Windows 98? Or (*gasp*) ME?”

There are two Critical bulletins and two Important. All of them are capable of enabling remote code execution if successfully exploited.

The most urgent update is MS14-017 because one of the vulnerabilities it addresses is currently being exploited in the wild. Simply opening a malicious RTF file in Word can compromise a vulnerable system and enable the attacker to install and execute other malicious code.

The other Critical issue affects Windows XP, but it’s actually the cumulative patch for Internet Explorer (MS14-018) and impacts all versions of Internet Explorer except IE10. The update addresses six different vulnerabilities, any of which could be exploited remotely to enable an attacker to remotely execute code with the same rights and privileges as the logged in user.

The update for Windows—MS14-019—is related to a publicly disclosed vulnerability in the Windows file handling component. In order to exploit it, an attacker has to lure users into navigating to a malicious network directory and somehow trick them into executing the malicious file. “Because this requires that attackers convince users to run a specially crafted .BAT or .CMD file provided by the attacker, this bulletin is of low priority,” says Marc Maiffret, CTO of BeyondTrust.

Finally, there is MS14-020, which deals with a privately disclosed vulnerability in Microsoft Publisher. Publisher is one of the less used applications in the Microsoft Office suite, and an attacker would have to trick a user into opening a specially crafted malicious file in Publisher to exploit it, so the risk isn't too high. A successful attack will allow remote code execution with the same privileges as the logged in user, though, so there is still cause for concern.

Windows XP is going quietly, it seems. Russ Ernst, director of product management for Lumension, notes, “If the exit of Windows XP sounds a little uneventful, keep in mind that administrators are still dealing with the fallout from the recent Pwn2Own competition, which revealed vulnerabilities in all of the major browsers and in Adobe’s Flash Player plug-in.”

Regardless, future Patch Tuesdays will likely have far more significance for XP holdouts because each one will now be an opportunity for attackers to reverse engineer patches for supported versions of Windows to find the vulnerability, determine if that same flaw exists in Windows XP, and develop an exploit for it. And with no more bail-outs from Microsoft, those vulnerabilities will last forever.

If you’re one of the holdouts who refuse to surrender Windows XP, you should at least be aware of the heightened security risks. A recent post on the Microsoft Security Blog highlights the primary security concerns and provides some mitigations and precautions for those who intend to continue using the operating system: http://blogs.technet.com/b/security/archive/2014/03/24/cyber-threats-to-windows-xp-and-guidance-for-small-businesses-and-individual-consumers.aspx

(PCW)

Samker's Computer Forum - SCforum.info

Download last patches for Windows XP
« on: 10. April 2014., 19:26:40 »




devnullius

  • SCF VIP Member
  • *****
  • Posts: 3507
  • KARMA: 152
  • Gender: Female
    • SCForum.info
Re: Download last patches for Windows XP
« Reply #1 on: 10. April 2014., 19:35:46 »
Should have happened 10 years ago.

Good riddance, bye bye XP.
More information about bitcoin, altcoin & crypto in general? GO TO  j.gs/7385484/btc

Cuisvis hominis est errare, nullius nisi insipientis in errore persevare... So why not get the real SCForum employees to help YOUR troubled computer!!! SCF Remote PC Assist http://goo.gl/n1ONa9

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising