msft No Windows XP, Office 2003 patches in May Patch Tuesday

[+Frank B. Subscriber²]

No Windows XP, Office 2003 patches in May Patch Tuesday

 

Summary: The company will release eight bulletins, two of them critical, and five for Microsoft Windows. Windows XP is not scheduled to receive an update, nor is Office 2003 scheduled to receive either of the two Office updates.

 

Microsoft has released their advance notification for the May 2014 Patch Tuesday updates. There will be a total of eight updates issued next Tuesday, May 13, two of them rated critical.

 

This is the first Patch Tuesday since the end of support for Windows XP and Office 2003. Even though Microsoft provided an update one week ago for all Windows versions, including Windows XP, they do not plan to make any such accommodations this time.

 

Bulletin one, which will be released as MS14-022, is a remote code execution vulnerability for Microsoft Windows, specifically involving Internet Explorer. It is listed as critical for all client versions of Windows from Windows Vista through Windows 8.1 and moderate for all Windows Server versions. In such cases it is inevitable that the bug will be critical on Windows XP as well, but XP is not listed as among the products to be updated.

 

The other critical bulletin, Bulletin two (MS14-023), addresses at least one critical vulnerability in SharePoint Server 2007, 2010 and 2013.

 

Bulletins three and eight affect all supported versions of Microsoft Office: 2007, 2010 and 2013, both x86 and ARM, and are rated Important for all platforms. Office 2003, which also reached its end of support last month, is not listed as being scheduled to receive an update.

 

The other four bulletins and updates all affect Microsoft Windows and are rated Important. Based on the other products affected it would appear that Windows XP will be affected by bulletins four, five and six, but not seven.

 

As is usually the case, Microsoft will also release a new version of the Windows Malicious Software Removal Tool and a large collection of non-security updates to various Windows versions.

 

Dustin Childs, Group Manager for Microsoft Trustworthy Computing did not address the XP/Office 2003 issues in his blog announcing the advance notification.

 

Source: ZDNet

[Dot Matrix]

Good! Upgrade!

[Max Norris]

Well considering they both went out of their lifecycle last month, this really shouldn't come as a surprise to anybody.

[techbeck]

So, products that are no longer supported are not longer getting updates. Shocking.

[Riggers]

Where are the hundreds of XP vulnerabilities that the malware writers were sitting on?

[notchinese]

:Cues awkward picture of Nicolas Cage:

[Dot Matrix]

Where are the hundreds of XP vulnerabilities that the malware writers were sitting on?

Well, at least 5 are listed in the bulletins above.

[Riggers]

Well, at least 5 are listed in the bulletins above.

Yeah but that`s just a "normal" month, actually probably less than normal as there`s only one RCE in there...Listen i`m not telling people not to UPGRADE, it`s by far the best thing to do not only from a security standpoint but also a stability one. What i don`t like is all the websites throwing out FUD and scaremongering making out that if people (i`m talking general public here, not businesses, they have no excuse and should have upgraded) didn`t upgrade by April then they would be hit with a daily deluge of vulnerabilities and malware problems!

Much better to inform people exactly what is happening and if possible help them with upgrading or whatever.

[FloatingFatMan]

Why is this even news? Both products are no longer supported, so it's hardly a surprise that they don't issue updates any more...