14 DAY TRIAL // Microsoft this morning announced that it would release a total of eight different security bulletins on Patch Tuesday to fix flaws in Windows and Internet Explorer, and it appears that Windows XP is being left out of the rollout for the first time after the April 8 retirement.
Redmond hasn't provided too many details on what's going to be fixed on Patch Tuesday, but a company spokesperson confirmed in a statement for ThreatPost, which is Kaspersky very own blog, that Windows XP won't get any other fixes, so moving to a modern version of Windows is the only option to stay secure.
“Our existing policy remains in place, and as such, Microsoft no longer supports Windows XP. We continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1,” a Microsoft spokesman said.
Such news are a bit worrying given the fact that no less than 26 percent of the desktop computers worldwide are still powered by Windows XP, but these figures are likely to drop in the coming months when more large companies and users worldwide would complete the transition to a newer OS version.
Windows XP support was retired on April 8, but Microsoft last week released an out of band patch designed to fix an Internet Explorer flaw, so some people thought that this OS version could be patched for ever whenever the company finds a new critical vulnerability. That's not the case, however, and Microsoft warned that it was only an exception because many users are now in the process of upgrading their computers to newer platforms.
According to Qualys CTO Wolfgang Kandek, Microsoft might next week patch another Internet Explorer vulnerability which was first found at this Pwn2Own competition at CanSecWest.
“IE6, IE7 and IE8 are being patched for Windows Server 2003, but not for Windows XP, which had its End-of-Life date last month in April 2014 and will not receive any more regular updates,” he said today.
“The Internet Explorer update should contain the cumulative fix for last months 0-day, already addressed by Microsoft in an out-of-band fashion last week in MS14-021 and the vulnerabilities disclosed during the year's PWN2OWN competition at CanSecWest. This update should be high on your list, especially if you have not applied MS14-021 yet.”
As usual, all fixes prepared for Patch Tuesday will be shipped via Windows Update, so just make sure that your computer is connected to the Internet next week.