Posts tagged Operating Systems

Microsoft Patch Tuesday bids adieu to Windows XP

Microsoft will no longer issue security patches for Windows XP

This month’s “Patch Tuesday” includes the final round of security fixes Microsoft will issue for Windows XP, potentially leaving millions that continue to use the OS open to attack.

XP will become an easy target for attackers now that Microsoft has stopped supporting it, said Wolfgang Kandek, CTO for IT security firm Qualys.A The OS will no longer receive fixes for holes that Microsoft and others might find in the OS. Moreover, attackers will be able to reverse engineer patches issued for newer versions of Windows, giving them clues to the remaining unfixed vulnerabilities in XP, Kandek said.

Microsoft has acknowledged the problem and has been pushing hard to get users onto newer versions of Windows.

“If you continue to use Windows XP now that support has ended, your computer will still work but it might become more vulnerable to security risks and viruses,” it said in an advisory.

Its efforts haven’t always been successful. Qualys compiled data from 6,700 companies and found that use of XP still represents a sizable portion of OSes running in the enterprise.A About one-fifth of companies in finance, for instance, still use XP — a surprisingly large number for an industry handling sensitive data. A

In retail, 14 percent of PCs still run XP, and in heath care the figure is 3 percent.

Organizations may be holding off on updating for a number of reasons, Kandek said. Some didn’t realize support was closing and are just now putting a migration plan in place. Others may be taking a calculated risk, saving on the cost of an upgrade and trying to minimize exposure by limiting access to the Internet and through other measures.

In addition to ending support for XP, Microsoft is no longer supporting Office 2003 or Internet Explorer 8.

The company released four security updates altogether on Tuesday. They cover 11 vulnerabilities in Windows, Internet Explorer, Microsoft Office and Microsoft Publisher. Two of the updates are marked as critical. One of those, MS14-018, fixes a number of issues with Internet Explorer. The other, MS14-017, addresses critical vulnerabilities in Microsoft Word and Office Web Apps. They include a zero day in how Office 2010 handles documents encoded in the Rich Text Format.

Even after that fix is applied, organizations might want to disable Word’s ability to open RTF files, if those types of files aren’t routinely used, Kandek advised.A

The two other updates in April’s round of patches were marked important. One of them, MS14-020, handles a vulnerability in the company’s Publisher program. The other, MS14-019, covers how Windows, including XP, handles files.

Kandek also advised administrators to apply the patch Adobe issued Tuesday for a serious vulnerability in its Flash multimedia software.


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

 

 

Microsoft extends Windows Server 2008 support by 18 months

Again nags users to dump Windows XP and move to Windows 7 — but stays mum about Windows 8

Microsoft has extended mainstream support for Windows Server 2008 by 18 months, and again reminded customers that the still-strong Windows XP will retire in April 2014.

Windows watcher Mary Jo Foley, a blogger for ZDNet, first reported the change. Announced in the company’s newest support lifecycle newsletter, the extension was triggered by standard practices at the Redmond, Wash. developer.

[ Also on InfoWorld: Eric Knorr says Microsoft earns cloud cred with Windows Server 2012. | Stay ahead of the key tech business news with InfoWorld’s Today’s Headlines: First Look newsletter. | Read Bill Snyder’s Tech’s Bottom Line blog for what the key business trends mean to you. ]

“The Microsoft policy provides a minimum of five years of Mainstream Support or two years of Mainstream Support after the successor product ships, whichever is longer,” the newsletter stated [emphasis in original].

In mainstream support, which runs the first five years of a product’s lifetime, Microsoft ships free security patches, general fixes and even feature updates. The back-half of the 10-year-support, called extended support, commits the company to free security updates only, although it will provide non-security bug fixes for a price.

But as Microsoft noted, an exception in the rules requires an extension if the follow-up product is slow to arrive.
MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

 
Microsoft considers Windows Server 2012 the true successor to Server 2008, even though Windows Server 2008 R2 followed the latter in 2009. Server 2012 debuted earlier this month. The old date for shifting from mainstream to extended support — July 9, 2013 — has been bumped to Jan. 15. 2015. And the end of extended support — in other words, the final retirement date — has been pushed out 18 months, too: It is now Jan. 14, 2020.

Microsoft’s newsletter also reiterated frequently voiced advice from the company: Get off Windows XP.

“We recommend that customers running computers with Windows XP take action and update or upgrade their PCs before the end-of-support date,” read the newsletter, referring to the April 8, 2014 drop-dead date. “If Windows XP is still being run in your environment and you feel that migration will not be complete by April 8, 2014, or you haven’t begun migration yet, Microsoft is eager to help.”

Notably, Microsoft listed links to several online resources for migrating Windows XP to Windows 7, not to Windows 8, perhaps recognizing that customers are much more likely to pick Windows 7 in any case.

Support extensions are rare, but not unprecedented. Last February, for example, Microsoft quietly prolonged support for the consumer versions of Windows 7 and Windows Vista by five years to sync them with the lifespan of enterprise editions.

That move was, in fact, more significant than Monday’s, as it accompanied a promise by Microsoft to support all versions of an operating system, including consumer-targeting SKUs, or “stock-keeping units,” for at least 10 years.

And in Jan. 2007, Microsoft extended mainstream support for Windows XP Home to 2009 and its retirement date to April 2014, primarily to sync its timetable with Windows XP Professional’s but also recognizing reality: XP would remain a powerhouse for the foreseeable future.

According to metrics company Net Applications, Windows XP accounted for 42.5% of all operating systems used to reach the Internet last month. At its current — and relatively slow — rate of decline, Windows XP should still be powering one in four personal computers in April 2014.

Go to Top