Patch Tuesday is coming - and Windows XP users are out of luck

Microsoft has published limited information about the security bulletins it will be releasing on 10 June, as part of its monthly Patch Tuesday round-up.

In all, Microsoft plans to release seven security bulletins - including five rated "important" and two given the highest rating of "critical".

One of those critical patches will be for all versions of Internet Explorer and will address a remote code execution vulnerability publicly disclosed by HP's Zero Day Initiative (ZDI) last month after it got fed up waiting for Microsoft to issue a fix.

ZDI says it initially told Microsoft about the flaw in October 2013, but because no patch had been made available after more than six months it decided to make information about the vulnerability public.

The security flaw, which can reportedly be mitigated now by installing Microsoft's Enhanced Mitigation Experience Toolkit (EMET), could help malware be spread via boobytrapped websites or malicious emails, but (fortunately) has not been seen being exploited in the wild.

The second critical security bulletin addresses a remote code execution vulnerability affecting Windows, Microsoft Office, and Microsoft Lync.

Some of the patches to be released by Microsoft on Tuesday will require computers to be restarted, something that many users find a pain - but which is clearly unavoidable on this occasion.

And, yes, if you were wondering - Microsoft has stuck to its promise. There are no new security patches for Windows XP.

Of course, that doesn't necessarily mean that Windows XP users aren't at risk - merely that Microsoft is no longer officially supporting the ageing operating system and is strongly encouraging folks to upgrade their systems to something a little more modern if they want to stay safe online.

For more details of the impending Patch Tuesday bundle, check out Microsoft's advance notification.


5 Responses

  1. William Stevens

    June 7, 2014 at 5:03 am

    Well Graham, you should know by now that Microsoft does not really secure me from any virus attacks. I will continue to work with my WinXP system until I decide when to change, not Microsoft. And I don't have to put up with Microsoft wanting to re-start my PC at inopportune times any more. I've done well enough since the days of DOS 2.2 and will continue to do so without Windows 7 or 8 thank you.

  2. A E I O U and sometimes Y

    June 7, 2014 at 5:01 pm

    We really only use IE to download Firefox (or other browsers) anyway… :-)

  3. jackie

    June 8, 2014 at 4:41 am

    So every Tuesday we're going to get disaster reminders about XP being excluded from patches. I can't stand Microsoft. I'll use XP as long as I want to. Windows 7 and 8 have nothing to offer me. XP is a true workhorse.

  4. Nicola Tesla

    June 8, 2014 at 6:30 am

    I shut the XP updates off 14 years ago, and had far fewer problems than others – who used the updates.
    Instead I used third party professional antivirus.
    So, I am not entirely convinced that using updates to keep a computer secure… is a very reliable course of action.
    It seemed like Panda security, purchased for $5 on Amazon, was doing a better job than any "update."
    Updates corrupted my drivers, and registry, to the point where I stopped using them altogether. Since I shut off the updates, I experienced far fewer difficulties, overall.
    Well, I am not saying that this is the solution for everyone, but it made my experience quite a bit better.

    Perhaps it’s that my older computer was not compatible with updates…

  5. Frustrated by damp

    June 10, 2014 at 12:05 pm

    What I cannot fathom is that Joe Public doesn't seem to give a flying frat about keeping safe and hasn't a clue about protection or any of the terminology involved. Then they expect those of us that do know, to keep them safe, for nothing.

    For instance, I sorted out a wreck of a Windows 7 netbook yesterday ("I need it for my business, lots of very important and personal data, takes an hour to boot, runs slow, someone down the pub said it needs defagging or something"). I got rid of three browser hijacks and dozens of plug-ins, 2GB of temp files, a massive browser cache, thousands of cookies and two dozen other issues. Funnily enough, the defrag had been running on a schedule and was the last thing it needed.

    When I explained (in words of one syllabub) what I'd done, I may as well have been describing how to make a particle accelerator from a ZX Spectrum and some Wensleydale cheese.

    Just as I was about to leave, she asked if I knew how long it takes to dry out an 'eye foam' (that she had dropped in the loo). I had to admit that I'd never heard of an 'eye foam', but that it would be sensible to leave it overnight in some strong disinfectant before she uses it anywhere near her eyes.

    Wake me up when it's safe.
