WinXP

Home/WinXP

Microsoft seeds doubt by erasing XP line in the sand

By |May 26th, 2014|Categories: Microsoft, Security, Tech News, Virus Alerts, WinXP|

Move may end up encouraging some customers to stick with XP even longer

May 7, 2014
(Computerworld)

Microsoft’s decision to erase its support line in the sand has sowed confusion and will likely encourage bad behavior by some customers, analysts said today.

“If next month someone finds another zero-day like this one, Microsoft could just move the line again,” said John Pescatore, director of emerging security trends at the SANS Institute, a security training organization.

“In a way, this encourages bad behavior. There’s a risk that people will look at it that way,” said Michael Silver, an analyst with Gartner, referring to those who will now question Microsoft’s determination to end XP support, and thus slow or even suspend their migrations to newer editions of Windows.

The experts were talking about Microsoft’s move on May 1 to issue fixes for a critical vulnerability in Internet Explorer […]

Bug bounty program outs 7-month-old IE zero-day

By |May 26th, 2014|Categories: Microsoft, Security, Tech News, Virus Alerts, WinXP|

No sign that hackers are exploiting the unpatched vulnerability in IE8; XP users will never see the fix

May 22, 2014
(Computerworld)

An HP bug bounty program yesterday published information about a critical vulnerability in Internet Explorer 8 (IE8) because Microsoft did not meet its patch-or-we-go-public deadline.

HP TippingPoint’s Zero Day Initiative (ZDI) revealed some details about the vulnerability Wednesday in an online advisory after its 180-day grace period had expired without Microsoft providing a patch to customers.

The bug, which was reported to ZDI by Belgium security researcher Peter Van Eeckhoutte, was handed to Microsoft on Oct. 11, 2013. At the time, ZDI had a 180-day patch policy: If the vendor did not patch the vulnerability in that time, or failed to explain why it could not, ZDI would go public with the flaw.

Since then ZDI has shortened the window to […]

Microsoft’s Patch Tuesday gives XP attackers a roadmap

By |May 20th, 2014|Categories: Microsoft, Security, Tech News, Virus Alerts, WinXP|Tags: , , |

IDG News Service – For the latest round of Microsoft’s monthly collection of software patches, the company has fixed critical issues in Internet Explorer (IE) and Windows that have already been used by malicious attackers to compromised systems.

It is the software that Microsoft has not patched this month that is probably of greatest interest to attackers.

Overall, Microsoft has issued eight bulletins this month, fixing 13 vulnerabilities in Windows, Internet Explorer and Office.

None of these fixes are for Windows XP or Office 2003, both of which Microsoft stopped supporting in April (except for those customers with extended support contracts). Many of the patches in this month’s collection do fix code vulnerabilities that probably originated in Windows XP or Office 2003, if not in earlier versions.

Studying what is being fixed with each month’s round of patches could give attackers an easy […]

Windows XP Exploit Protection Tested, Winners Revealed

By |May 18th, 2014|Categories: Microsoft, Security, Tech News, WinXP|Tags: , , |

XP Exploit Protection Test

I collect and analyze test results from a half-dozen antivirus test labs all over the world. Most of them run a regular cycle, releasing new results monthly, quarterly, or at other intervals. Security vendors can also commission one-off tests, which seem to invariably show them in a good light. That’s only logical; if the test reveals problems they use it to improve the product, not for publicity. Chinese security vendor Qihoo 360 totally aced a recently-commissioned test by AV-Test that specifically evaluated protection against Windows XP exploits.

Simple Test
On May’s Patch Tuesday, Microsoft released a collection of patches for vulnerabilities in various Windows versions. For the first time, and from now on, XP got bupkis. You can bet the bad guys are combing through the announced patches for other Windows versions to […]

Microsoft makes one-time exception, patches IE on Windows XP

By |May 14th, 2014|Categories: Microsoft, Security, Tech News, WinXP|Tags: , , |

Calls news coverage of IE vulnerability ‘overblown,’ but patches IE6, IE7 and IE8 on XP anyway

May 1, 2014
(Computerworld)

Microsoft today shipped an emergency update for Internet Explorer to close a hole that hackers had already been exploiting.

But in an unexpected move, Microsoft allowed Windows XP machines to receive the update, even though it had long held that the 13-year-old operating system had absolutely, positively retired on April 8.

“I’m surprised they went out-of-band at all,” said Andrew Storms, director of DevOps at security company CloudPassage, using the term for an emergency update outside the normal monthly patch cycle Microsoft maintains. “While there was a lot of talk about this zero-day, it was mainly focused on the XP angle.”

In fact, today’s turnabout was bigger news than the security update itself, something Microsoft tacitly acknowledged by posting a long […]

Microsoft sketches out final Windows XP security updates for next week

By |April 3rd, 2014|Categories: Tech News, WinXP|

News

April 3, 2014 03:06 PM ET

Computerworld – Microsoft today said it will ship four security updates to customers next week that will include the final public fixes for flaws in Windows XP and Office 2003, both slated for retirement from security support on Tuesday.

Of the four updates, two were tagged “critical,” Microsoft’s most serious threat rating, and the other pair was marked “important,” the next step down in the firm’s four-part scoring system.

All four, however, were labeled in today’s advance notification with the phrase “remote code execution,” meaning that attackers could hijack an unpatched PC if they managed to exploit the vulnerabilities. Microsoft often downgrades remote code flaws to the important category when there are mitigating factors — say, a requirement that users click through multiple warnings or deviate from a standard configuration — that prevent easy exploitation.

One of the quartet will directly affect Windows XP — all […]