Jump to content



Photo

No Windows XP, Office 2003 patches in May Patch Tuesday

msft patch tuesday

  • Please log in to reply
8 replies to this topic

#1 +Frank B.

Frank B.

    Member N° 1,302

  • 23,592 posts
  • Joined: 18-September 01
  • Location: Frankfurt, DE
  • OS: OS X 10.10
  • Phone: iPhone 6

Posted 08 May 2014 - 19:36

No Windows XP, Office 2003 patches in May Patch Tuesday

 

Summary: The company will release eight bulletins, two of them critical, and five for Microsoft Windows. Windows XP is not scheduled to receive an update, nor is Office 2003 scheduled to receive either of the two Office updates.

 

Microsoft has released their advance notification for the May 2014 Patch Tuesday updates. There will be a total of eight updates issued next Tuesday, May 13, two of them rated critical.

 

This is the first Patch Tuesday since the end of support for Windows XP and Office 2003. Even though Microsoft provided an update one week ago for all Windows versions, including Windows XP, they do not plan to make any such accommodations this time.

 

Bulletin one, which will be released as MS14-022, is a remote code execution vulnerability for Microsoft Windows, specifically involving Internet Explorer. It is listed as critical for all client versions of Windows from Windows Vista through Windows 8.1 and moderate for all Windows Server versions. In such cases it is inevitable that the bug will be critical on Windows XP as well, but XP is not listed as among the products to be updated.

 

The other critical bulletin, Bulletin two (MS14-023), addresses at least one critical vulnerability in SharePoint Server 2007, 2010 and 2013.

 

Bulletins three and eight affect all supported versions of Microsoft Office: 2007, 2010 and 2013, both x86 and ARM, and are rated Important for all platforms. Office 2003, which also reached its end of support last month, is not listed as being scheduled to receive an update.

 

The other four bulletins and updates all affect Microsoft Windows and are rated Important. Based on the other products affected it would appear that Windows XP will be affected by bulletins four, five and six, but not seven.

 

As is usually the case, Microsoft will also release a new version of the Windows Malicious Software Removal Tool and a large collection of non-security updates to various Windows versions.

 

Dustin Childs, Group Manager for Microsoft Trustworthy Computing did not address the XP/Office 2003 issues in his blog announcing the advance notification.

 

Source: ZDNet




#2 Dot Matrix

Dot Matrix

    Neowinian Senior

  • 10,967 posts
  • Joined: 14-November 11
  • Location: Upstate New York
  • OS: Windows 8.1
  • Phone: Nokia Lumia 920

Posted 08 May 2014 - 19:40

Good! Upgrade!



#3 Max Norris

Max Norris

    Neowinian Senior

  • 4,807 posts
  • Joined: 20-February 11
  • OS: Windows 8.1, BSD Unix
  • Phone: HTC One (Home) Lumia 1020 (Work)

Posted 08 May 2014 - 19:41

Well considering they both went out of their lifecycle last month, this really shouldn't come as a surprise to anybody.



#4 +techbeck

techbeck

    Neowinian Senior

  • 18,687 posts
  • Joined: 20-January 05

Posted 08 May 2014 - 19:45

So, products that are no longer supported are not longer getting updates. Shocking.



#5 Riggers

Riggers

    Neowinian

  • 1,075 posts
  • Joined: 03-March 08

Posted 08 May 2014 - 19:47

Where are the hundreds of XP vulnerabilities that the malware writers were sitting on?



#6 notchinese

notchinese

    Neowinian

  • 521 posts
  • Joined: 04-October 12

Posted 08 May 2014 - 19:49

:Cues awkward picture of Nicolas Cage:



#7 Dot Matrix

Dot Matrix

    Neowinian Senior

  • 10,967 posts
  • Joined: 14-November 11
  • Location: Upstate New York
  • OS: Windows 8.1
  • Phone: Nokia Lumia 920

Posted 08 May 2014 - 19:49

Where are the hundreds of XP vulnerabilities that the malware writers were sitting on?

Well, at least 5 are listed in the bulletins above.



#8 Riggers

Riggers

    Neowinian

  • 1,075 posts
  • Joined: 03-March 08

Posted 09 May 2014 - 09:59

Well, at least 5 are listed in the bulletins above.

Yeah but that`s just a "normal" month, actually probably less than normal as there`s only one RCE in there...Listen i`m not telling people not to UPGRADE, it`s by far the best thing to do not only from a security standpoint but also a stability one. What i don`t like is all the websites throwing out FUD and scaremongering making out that if people (i`m talking general public here, not businesses, they have no excuse and should have upgraded) didn`t upgrade by April then they would be hit with a daily deluge of vulnerabilities and malware problems!

Much better to inform people exactly what is happening and if possible help them with upgrading or whatever.



#9 FloatingFatMan

FloatingFatMan

    Resident Fat Dude

  • 15,942 posts
  • Joined: 23-August 04
  • Location: UK

Posted 09 May 2014 - 10:42

Why is this even news? Both products are no longer supported, so it's hardly a surprise that they don't issue updates any more...