This is the first “Patch Tuesday” that will not apply to the 12-year-old operating system. That means that all of the vulnerabilities that get patched on newer, Microsoft-supported operating systems will remain vulnerabilities on Windows XP. One of these vulnerabilities is the critical zero-day that affected Internet Explorer 6-11 in late April.
Microsoft did release an emergency “out-of-band patch” for this zero-day on May 1st, and this emergency patch did apply to Windows XP; however, today’s update, and the additional updates that come with it, will not. This includes a patch for a previously undisclosed IE vulnerability (CVE-2014-1815) that Google researchers have spotted being used in targeted attacks in the wild, as well as a patch for multiple Microsoft SharePoint vulnerabilities that allow for remote execution of malicious code.
In all, this month’s Patch Tuesday features 8 Security Bulletins, and it remedies 13 Critical and Important vulnerabilities.
How can I get the updates?
As always, users who have automatic updates from Microsoft enabled will receive all issued Security Bulletins the next time they restart their computer – unless of course they are running Windows XP.
If you do not have automatic updates enabled, you can turn this feature ON in the System and Security section of your PC’s Control Panel. From there, you can also check for updates manually, if you prefer.
What should I do if I’m running XP?
From this point forward, all of the vulnerabilities that get patched on newer, Microsoft-supported operating systems will remain vulnerabilities on Windows XP. Microsoft officially cut support for the antiquated operating system on April 8th, 2014.
Fortunately, Microsoft has not released technical details regarding the vulnerabilities this month’s round of updates has been designed to patch – but this does not mean that these details will remain indefinitely undisclosed. An estimated 25-40% of the world’s PCs still utilize XP, including end-user machines, point of sale registers, and ATMs. This is a huge incentive for financially motivated cybercriminals to uncover and exploit unpatched XP security holes.
As per our January announcement, Emsisoft will continue to provide support for Emsisoft Anti-Malware on Windows XP until at least April 2016. If, however, you are still running the OS, we highly recommend a system upgrade as soon as possible. As the months go by, each new Patch Tuesday will repair Microsoft-supported operating systems, but it will also effectively notify malware authors of which XP applications are vulnerable, allowing for more accurate and powerful malware attacks.
Have a great ( XP-Free ;) Patch Tuesday!
Microsoft’s May 2014 Security Bulletin announcement can be viewed in full here:
https://technet.microsoft.com/en-us/library/security/ms14-may.aspx