Holdouts Take Note: Microsoft Readies Penultimate Patch for Windows XP

Pulkit Chandna

Support for Windows XP to end next month

Windows XP support is entering its final stages. This coming Tuesday will see the release of some of the last security patches for the operating system which, despite its advanced age, still commands a sizable share of the PC market and simply refuses to die.

Microsoft will be delivering five security bulletins on this month’s Patch Tuesday . If you’re a Windows XP holdout, what you should really be concerned about is the fact that all five security bulletins affect Windows XP. With Windows XP support scheduled to end on April 8, now is a good time to abandon the 13-year-old operating system if you haven’t done so already.

Of the five security bulletins, two are rated “critical” and three “important”. One of the critical bulletins will address a zero-day bug in Internet Explorer that last month prompted the Redmond-based company to issue a “Fix it” tool to help temporarily block ongoing attacks until such time as a more permanent fix was available.

“Windows XP is affected by all five updates, and there is really no reason to expect this picture to change; Windows XP will continue to be impacted by the majority of vulnerabilities found in the Windows ecosystem, but you will not be able to address the issues anymore,” wrote Qualys CTO Wolfgang Kandek in a recent blog post .

“So you need a strategy for the XP machines remaining in your infrastructure. We are still seeing a significant number of XP machines in our scans, ranging from around 25% in our consumer oriented service BrowserCheck to under 20% in our enterprise oriented data from QualysGuard.”

“Of the remaining issues, one is an important privilege issue, probably going to be a kernel or kernel driver patch; never something to ignore but less important than a critical/remote issue,” wrote Ross Barrett, senior manager of security engineering at Rapid 7, in a post on security news site Help Net Security . “The other two are the seldom seen ‘security mechanism bypasses’, probably the same issue being patched in Windows and in Silverlight.  We will have to wait and see how exploitable this turns out to be.  If it turns out that some of these issues are in the wild and under exploitation, then that will be change the circumstances of what to prioritize.”

Follow Pulkit on Google+

Around the web