Next Tuesday is much more significant than the usual Patch Tuesday, because this crop of updates will be the last one for both Windows XP and Office 2003.
After April 8, most of the IT-enlightened world will be holding its collective breath, waiting for a likely deluge of hacks, attacks and malware based on vulnerabilities in Windows XP and Office 2003.
According to the official advance warning bulletin from Microsoft, this month’s updates will include patches for Office, Windows and Internet Explorer. Two of the patches are flagged as Critical.
This month’s Ouch! newsletter (PDF) from SANS should dispel any thoughts you may have regarding your digital safety.
In the networked world, if your device is connected, it is potentially vulnerable. Staying safe is largely a matter of vigilance: keep your software patched, use strong, unique passwords, and avoid opening suspicious email or browsing shady web sites.
The Ouch! newsletter is aimed at general users, so IT professionals may not learn much from reading it.
The recent Pwn2Own hacking competition revealed vulnerabilities in a variety of software products, including Chrome, Firefox, Internet Explorer, and Flash.
While patches for Firefox and Chrome were released soon after the results of the contest were published, the vulnerabilities in Flash remain unpatched. They are identified as CVE-2014-0506 and CVE-2014-0510. Severity is ranked as high for both vulnerabilities. No exploits for these vulnerabilities have yet been seen in the wild.
Update 2014Apr09: CVE-2014-0506 was fixed in Flash 13.0.0.182.
Microsoft recently announced the release date for Windows 8.1 Update 1: April 8, 2014, which is also Patch Tuesday for April. Windows 8.x users will be able to download the update via the Windows Update service.
This update brings back some of the mouse/keyboard and desktop features missing from the original version. Still missing, however, is the Start menu.
With less than a week to go before Microsoft ends support for Windows XP, over 27% of Internet-connected computers are still running the venerable O/S, according to an Ars Technica report.
Microsoft has clearly been unable to convince XP users to switch to another O/S, and the days and weeks following April 8 will likely be filled with stories about new malware and attacks on XP-based systems.
Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.