The XPocalypse is almost upon us: Tomorrow, April 8, is the last time Microsoft will issue security updates for the 13-year-old Windows XP. This month's Patch Tuesday will have a total of four security updates, Microsoft says, which will also include the final updates for Microsoft Office 2003 and a patch for Microsoft Office for Mac 2011.
Two of the four updates are rated 'critical,' which is Microsoft's highest security threat rating. One concerns Microsoft Office 2003, 2007, 2010 (32-bit and 64-bit editions) and 2013; the other affects all supported versions of Internet Explorer except IE 10, running on all currently supported Windows operating systems (XP, Server 2003, Vista, Server 2008, 7, 8, 8.1, RT and RT 8.1). The other two updates, rated 'important,' also concern these operating systems and Microsoft Publisher 2003 and 2007.
MORE: Best Desktop Antivirus Software 2014
May 15, 2017 Download Security Update for Windows XP SP3 (KB4012598) from Official Microsoft Download Center. To find the latest security updates for you, visit Windows Update and click Express Install. Visit the Security At Home web site and follow the steps to ensure you're protected.
All four patches have to do with remote code execution, or an attacker's ability to hijack a computer over a network connection and run software without the legitimate user's involvement.
Microsoft is saving the full details for tomorrow after the updates are pushed out, but in a blog post, the company's Dustin Childs confirmed that one critical Microsoft Office flaw being patched is the recently-discovered zero-day exploit — a malware attack for which no patch existed at the time of discovery — concerning the way Microsoft Word handles RTF (rich text format) files.
Attackers exploiting this vulnerability have created malicious RTF files that, if opened on a target's computer via Microsoft Word or Microsoft Outlook, give the attacker the same administrator rights as the user who opened it (yet another reason why you shouldn't use your computer's administrative account for everyday use). Shadow of mordor lithariel skin patch download.
This attack could work on any version of Microsoft Word, but Microsoft said in its blog post that it has found 'limited attacks' only on Word 2010. Others have reported that the RTF zero-day exploit can also work through Microsoft Outlook, which by default uses Word to preview RTF files.
The other critical patch, concerning Internet Explorer, patches another hole through which attackers could conduct a remote-code-execution attack. Every version of Internet Explorer (6, 7, 8, 9 and 11) is getting this patch except for IE 10, which for some reason doesn't seem to be affected.
Of the two patches marked 'important,' one only affects Microsoft Publisher 2003 and 2007. The other apparently affects every supported Microsoft operating system, from Windows XP to Windows 8.1, but the report offers few more details about it.
To make sure you receive all crucial Microsoft software updates, go into your Windows Start menu, click 'All Programs,' then click 'Windows Update.' In the resulting pop-up window, select 'Change settings' and then select 'Install updates automatically.'
If you're running Microsoft Office for Mac 2011, open up Microsoft Office for Mac 2011 and select 'Check for updates' on the Help menu.
We'll have a post-mortem on Windows XP's final Patch Tuesday after the full updates are pushed through tomorrow.
Email [email protected] or follow her @JillScharr and Google+. Follow us @TomsGuide, on Facebook and on Google+.
Windows XP isn’t dead and buried yet. Microsoft will be creating security updates for XP for years to come, but those updates won’t be available to normal users. No, they’re just for large businesses and governments with money to burn.
Most people still using Windows XP at home are happy with their PCs and don’t want to pay more money, so Microsoft isn’t offering this service to normal users. They’d probably just be upset if a request for $200 popped up.
Out of Extended Support, Into Custom Support
RELATED:Windows XP End of Support is on April 8th, 2014: Why Windows is Warning You
Windows XP is now out of the “extended support” phase where Microsoft creates security updates for Windows XP and distributes them to all users via Windows Update. Microsoft won’t release any more security updates to most Windows XP users. But Microsoft still offers “custom support relationships” for organizations. Organizations must contact “their account team or their local Microsoft representative for more information.”
The wording here makes it clear that these support contracts aren’t for typical users or even small businesses. They’re intended for large organizations.
Exorbitant Pricing
More than 27% of computers on the Internet still run Windows XP. This includes critical government computers, hundreds of thousands of ATMs, and a huge amount of mission-critical computers inside slow-moving businesses. These governments and businesses may have been asleep at the switch and missed the upgrade deadline, but they’re now scrambling to secure those computers. They have money to burn, and Microsoft will happily take their money.
For a fee of about $200 per PC for the first year — or maybe as low as $100 per PC if you negotiate — Microsoft will continue producing security updates for Windows XP and giving them out to you. That’s just for the first year — the per-PC price will go up in future years.
Microsoft’s quotes for custom support have apparently ranged from $600,000 to $5 million for the first year alone:
“An IT manager, who wished to remain anonymous because he was not authorized to speak on the matter, told Computerworld that Microsoft had quoted his company $1 million for the first year of custom support to cover 5,000 Windows XP machines, $2 million for the second year, and $5 million for the third.” Nba 2k10 euroleague patch download.
Worse yet, these quotes apparently only include the price of critical security updates. If you want an update for an issue only considered “important”, you’ll have to contact Microsoft and pay extra.
The UK government is apparently paying £5.5 million for the first year of custom support, while the Dutch government is also paying several million euros for its own deal.
Profit and Punishment
These high prices serve two purposes. On the one hand, they make a good amount of profit for Microsoft. It’s hard to feel too sorry for organizations who have known for years that the Windows XP end-of-support deadline was coming up. Microsoft even extended this deadline several times in the past. They have to pull the plug at some point. At least some of the money goes toward paying software engineers to produce and test updates.
On the other hand, the high prices encourage organizations to move away from Windows XP as quickly as possible. Microsoft really wants organizations to upgrade so it can forget Windows XP, and punitive fees encourage that.
Custom support isn’t intended for typical users. Microsoft would rather they upgrade from Windows XP by buying a new computer or a boxed copy of Windows 8. They’re not interested in charging normal computer users for security updates. Users would probably react negatively if a request for hundreds of dollars popped up on their Windows XP PCs every year.
Luckily, there’s one free way for Windows XP users to get security updates — upgrade to Linux. Microsoft’s updates are pricey.
Custom Support Makes Sense, But…
Custom support makes a lot of sense. Microsoft wants to end support for Windows XP, but there are large organizations and governments in a panic, willing to pay almost anything for an extension. They’ve had years of warning and multiple extensions of support. They can profit from the situation, get good press for saving governments from a complete security disaster, and encourage everyone to upgrade.
But this may leave a bad taste in some people’s mouths. If Microsoft is already producing security updates for Windows XP, why can’t they just release them to all Windows XP users so everyone can be as secure as possible? If you live in the UK and your government is paying millions of pounds for XP security updates, why can’t you get those updates your dollars are paying for?
Microsoft Security Patch Release
We’re also in uncharted waters here — never before have there been so many users of a now-unsupported operating system. What will happen when we see an Internet Explorer vulnerability that infects millions of Windows XP users? People will call for Microsoft to release the security patches they’ve already made to everyone. Will Microsoft hold firm, or will they buckle and release the occasional security update to everyone? It’ll be a no-win scenario for Microsoft — they can look bad by refusing to release a critical update or they can release it and continue keeping Windows XP on life support forever.
Windows XP support is a mess. Microsoft is throwing a lifeline to governments and other large organizations who were asleep at the switch, but they’re also making good money from it. You probably don’t have millions of dollars to spend on security updates, so Microsoft isn’t offering this service to you.
READ NEXT
![]() ![]() Windows Security Patch Download
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |