Latest Patch Tuesday Underscores Windows XP Demise

Brandon Dimmel's picture

Microsoft's latest Patch Tuesday release fixes several security vulnerabilities currently marked "critical" -- the firm's highest security rating. Microsoft's Patch Tuesday fixes are always rolled out starting the second Tuesday of each month, but sometimes take longer to reach consumers depending on Internet availability.

This month's Patch Tuesday includes five security updates, two of which have been marked critical. One of those critical fixes addresses a vulnerability in Internet Explorer, Microsoft's web browser.

This month's updates are particularly noteworthy, because it's the penultimate Patch Tuesday for Windows XP. After that, XP users will be especially vulnerable to attacks.

Internet Explorer Vulnerability Already Being Exploited by Hackers

According to reports, hackers are already exploiting the flaw by using attack code found on a website called "Veterans of Foreign Wars". Last month at least two security companies -- FireEye and Websense -- reported finding the attack code online.

Microsoft responded by offering users a special "Fix It" tool while it worked on a more permanent solution. The issue is said to affect both Internet Explorer 9 and 10, though only IE10 is currently being targeted by hackers. (Source: cnet.com)

Windows XP Continues to be Most Vulnerable

This month's Patch Tuesday will also fix a critical vulnerability found in most versions of Windows, from Windows XP through Windows 8. If exploited, the flaw could allow hackers to use remote code execution to take control of a targeted system.

"Windows XP is affected by all five updates, and there is really no reason to expect this picture to change," noted security expert Wolfgang Kandek. "Windows XP will continue to be impacted by the majority of vulnerabilities found in the Windows ecosystem, but you will not be able to address the issues anymore."

Experts hope this Patch Tuesday will help push Windows XP users away from the dying operating system (OS) and towards a newer version of the Windows OS.

Windows XP: No More Security Updates After April 2014

Windows XP support officially ends April 8, 2014. Users that insist on running Windows XP after that point will be extremely vulnerable to new security threats as they are developed and actively exploited by third parties (usually through emails, malicious websites, and downloads).

Attacks usually result in malware infections, which are then linked to ID theft, corrupted data (including data that is held hostage for ransom), or worse.

"Windows XP is getting its penultimate update and is now very close (just over 30 days) to its declared end of life date," Kandek added. (Source: qualys.com)

What's Your Opinion?

Are you still using Windows XP on any of your PCs? If so, do you plan to continue using Windows XP despite the high security risks, or will you make the switch to a newer operating system any time soon? If you own a PC that still operates Windows XP, do you plan on updating to Windows 7, 8, or an entirely new platform, such as Linux?

Rate this article: 
Average: 4.1 (12 votes)

Comments

DavidFB's picture

I have XP installed as a virtual PC in VirtualBox to run some older software I use occasionally that wouldn't load on Win7. That will continue. I know lots of people with XP boxes around who don't have the funds or expertise to upgrade. Or that have an old box they use for streaming movies to their TV or some such. I urged them to get Win7 while they could. They'll probably limp along for some time. I can see a surge in infection vectors and zombie systems used in DDOS attacks.

Dennis Faas's picture

It's worth noting that if you run Windows 7 Professional, Enterprise, or Ultimate edition and need the Windows XP compatibility, you can also use "Windows XP mode" instead of running a separate virtual machine:

http://windows.microsoft.com/en-us/windows7/install-and-use-windows-xp-mode-in-windows-7

blueboxer2's picture

Windows 7, by comparison, is a prissy, uncooperative, domineering pain compared to XP, which I will continue to use on three older machines, none of which have the power to use Win7 anyway. (OK, technically they meet minimums, just, if you'll take minimal performance. But why bother?)
I have Windows 8 but refuse to install it. Windows 7 is bad enough but I will use it for email, downloads, and most internet exposure. With my XP machines I will use hardware and software firewalls, third party antivirus from one of the many who have announced continued support for XP, a reasonably paranoid browser (something like Comodo Ice Dragon comes to mind), sandboxie, third-party anti-malware tools like Win Patrol, Spybot S&D, MBAM,limit my browsing to known safe sites, and if all else fails,keep an instantly directly restoreable image backup to hand. And then I will go on using the software that won't run on Win7, or for which there's a far more comfortable XP version.
There are good and valid reasons to continue to harbour and use XP machines and I believe numerous ways to do it with maximum convenience and minimal risk. And if the new guy can't straighten out the Microsoft Windows mess in time and on a
reasonable basis, I've learned new operating systems - and variations - before and there's no reason I can't take on Linux next. It won't even cost me anything!

oldmanwest's picture

You can't just get a PC and never maintain it. I find Win 7 to be a very good OS but Win 8.1 is much better mainly because of faster load times and less system resource usage. I have it on three PC's, a newer laptop, an old Vista laptop (8 yrs old, I think) and a tablet. I have Win 7 on two old XP Deskop machines and two older Vista machines, a desktop and laptop. They really work great. But I tweaked them a little. Configure your PC hardware to the OS you have on it. Lots of tips on the "net" to help you. One of the first things I do is reconfigure the performance and visuals in {Control Panel>All control Panel Items>Performance Information and Tools}. The biggest two problems I have experienced is that the video card and/or memory is inadequate. Reconfiguring performance and visuals usually helps. Or do what I do and upgrade the hardware. Rummage sales is a great source for cheap parts. I have found that Linux, a great free OS, is just too limited to run the really "good" stuff. But the idea of free is really appealing, enough so to run a dual boot OS. Just try some "tweaking on your Win 7 machines and I believe you will like it better. If you ever installed Win 8.1 and played with it a little I believe you would come to like it even better. Good luck.

richo8221's picture

I have Win 7 and this weeks patch was the all time slowest update I have ever seen! It took 15 minutes for it to configure itself...am getting tired of Microsoft...time for Linux..

XP was the best thing they ever made!

oldmanwest's picture

I still have a working Win 98 laptop. It's retired now. Keep it for nostalgia reasons. Win 2000 replaced my 98. A good thing as it was a much improved OS. My Win XP replaced that. A good thing as it was a much improved OS. My three Vista machines (yuck) got a much needed upgrade to Win 7 after it came out. A good thing as it was a much improved OS. My old Win XP home office machine just got replaced with one of my old Vista machines (that I had upgraded to Win 7) because of the discontinuing support for XP. Works like a charm. One of the other Vista machines got an upgrade to Win 8.1. A good thing as it is a much improved OS. Summary... I have working machines with Win 98, XP, 7 and 8.1, (not including the Apple and Android devices.) Which ones run the best? Win 8.1. Now I have three machines with 8.1 on them. If you don't like Win 8.1 it is either because you are scared of it or just too lazy to learn how to use it... Win 8.1 is a good thing. Win 8.1 update 1 is just going to be that much better and easier to use, especially on older machines that are not touch screen. I will continue using XP for minimal usage but not for any online business any longer. That old nostalgia thing in me dies hard. If you don't like Win 7 then it is just because you are too lazy to configure your machine. It works great, better than XP but not as good as Win 8.1. Get on your "duff" and do a little maintenance. Happy "puting".

ClemsKreb's picture

Why do I need to waste money when I have something that meets my needs? You have a bunch of computers whoopee and three of them are 8.1 so what? If you want to buy me and the hundreds of thousands of others an 8.1 I'll take it, but I have better things to do with my money and contrary to your opinion that doesn't make me or any of the other lazy.

CMDD's picture

The thing i find interesting is that in the hospitals I have visited lately, All their monitoring, drug dispensing, and ??? systems are still running XP ( both For-Profit and County[Non-Profit]). This is a Life Safety issue. The fist time someone dies because MS did not release a patch there will be lots of lawsuits and ringing of hands.

Dennis Faas's picture

I see WinXP still being used in many corporate environments, ranging from Hospitals (as you mention), to Banks, to Insurance Agencies. Each of these computers are connected to a much larger network of PCs running the same operating system -- all of which are at high risk of being infected by malware and sensitive data stolen.

Sure there's defense mechanisms (firewalls, antivirus, etc) that will help to prevent such an attack, but they won't catch them all. That's why security updates from Microsoft are released regularly to fix remote code execution and similar issues. And, when there's no more security releases to fix the most critical of exploits, that's when it's going to be a huge problem for those who insist on running the platform despite the risks.

ClemsKreb's picture

I believe there are companies out there that can develop 3rd party updates. It comes down to cost to these hospitals and others that still at this point have refused to buckle under the threats from MS. That's why so many people hate Microsoft, when they build a quality product they don't stick by it, they want you to buy crap when they could charge you a nominal fee for X numbers of years and continue to cover XP. If it ain't broke why do we have to buy something else?

ClemsKreb's picture

I'm not going to run out to buy a new computer just because a POS operation like Microsoft is dropping my XP from its security umbrella. 1) I bought it in 2004, I've gotten my money's worth out of it a hundred times over, but as long as it is better than Vista or WIN 8 or 8.1 I'll continue to use it, I primarily use it for working with photos, that's where I have Photoshop Its a Desktop and with a large monitor, but most important what hacker in his right mind is going to bother attacking the average consumer, they want to companies still using it and there are still thousands that do, that's are the the ones who need to invest in security of their own or buy the crap MS has to offer now.2) I used a WIN ME from the late 90s after Microsoft ditched that and continued to use it as a backup to my XP right up to June 2012. Like I said a hacker would grow a long beard waiting for me to turn on that computer, AVERAGE PEOPLE DON'T LISTEN TO MS!! If I had a business with 100 terminals and I still had XP, I might be scared. 3) I have a WIN 7 64 Professional Laptop and a Tablet with HP WEBOS, no hacker in his right mind is going to bother hack that. I refuse to use absolute CRAP like WIN 8 or 8.1, just as I refused to buy Vista, I always try to skip the next OS after a Good OS, so I'm looking forward to WIN 9 or 10 if Microsoft is still in business.

blueboxer2's picture

My quite modest mainstream 2011 SUV has about 7000 km. on the clock - that's all. I can comfortably afford any production car sold in Canada - but my SUV is calculatedly narrow and easily navigated through snowbank-narrowed city streets, it's easy to fit in even a regular parking slot if the handicap one is blocked, the hatchback happily swallows my walker without folding, or keeps all my handicap paraphernalia available on trips, it 's high enough for me to get in and out of despite a broken back, power everything so even dropping strength can handle it, and even easy on gas. So why don't trade it in on a Jaguar which I've coveted since I saw my first XK-120? Simply the SUV fits my lifestyle requirements, while even if I could get into a Jag I'd need help getting out.

My first computer dates to the early 8-bit rush,when every week saw another manufacturer throw in the towel and users, left high and dry, had to either buy new and different and expensive, or learn to make what they had, work. The teething years of Microsoft - 3.1 to ME - were another experience in just finally getting the damn thing to work when it was abandoned. But when XP came along, it could be tampered with, effectively, and made to do the job better, and it didn't break. It actually responded to its user and was malleable enough to be customized to comfortable usability. It did the job right.

But Win7, for all its vaunted security and usability, just won't run many of my trusted favourite programs. It wants a subtly mis-dimensioned screen on which nothing ever wants to fit.The menus demand, and obscure, unconscionable amounts of screen real estate, which it allows self-indulgent programs to hog far more than their share of memory or plunk in interrupts at the most inappropriate times. And all the adjustments are hidden deep under layer after layer of oversimplified menus or the highest twig of a massively branched file tree. It's a life's work to bring it to the most modest degree of user comfort, and seriously useful tampering is balked at every turn.

And as for that epitome of user-unfriendliness Win8 - troubles enough I've got already, I don't need more.

Give me the toll that meets my needs and serves me comfortably. XP forever!

mike's picture

Like blueboxer, I have been using using Windows computers for a long time and agree that with XP, Microsoft finally got Windows to a usable state. I have three computers on Windows 7 along with one still on Windows XP and several on earlier versions of Windows.
Nothing has been as good as Windows XP in a long time - so the Windows XP system will NOT be "upgraded" to Windows 7 or 8 - maybe what ever replaces 8, as long as it has a real Windows desktop and not that "metro" mess. Windows 7 has a serious flaw in its "library" fixation. I don't know if Windows 8 has the same problem, but it has the "metro" goofy interface. I am seriously considering some version of Linux to replace all of the Windows.
Windows 7 would be more usable if you could completely disable the "library feature" - I arrange my files the way I need them and don't need or want Windows to help.
What little I have used Ubuntu Linux makes me believe it is more user friendly than either Windows 7 or 8 - and definitely makes more sense than the "metro" interface - expecially for those of us that can't afford to replace our working monitors with touch screen monitors for no advantage at all!!

saved2serve's picture

Whiole i am on w/8.1 now (with Classic Shell of course), i have used W/9x and then XP for years, and still have it on a Acer 2480 and it is very quicker - faster than even Puppy Linux was when it dual booted with it.

Concerning Linux, while usually you will see Linux being offered as Desktop ready, yet after using every major and some minor distros ("flavors") of it, i almost always had problems with it not doing what i can take for granted in Windows XP, or could easily be done.

But after recently again trying a number of Linux distros made for older, low ram (512mb lower) systems, if i was going to recommend any it would be Xubuntu. I replaced Puppy with it on the Acer and it works quite well, although on another older laptop (HP/Compaq nx9005) it could not connect to the Internet via a simply DSL cable connection.

But it is a promising addition to the basically too varied flavors of Linux.

A drawback is that multimedia codecs needed to play things certain formal DVDs are not legal in America without a license (though that issue draws much fire) , and thus Fluendo sells codecs, and now even a DVD Player for Linux/Unix and Windows platforms.