View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
May 12, 2014

Microsoft identifies new vulnerabilities

Hackers will use the latest Patch Tuesday to target OS weaknesses.

By Joe Curtis

Users running Windows XP face more risk of attack as Microsoft’s latest security patches reveal critical vulnerabilities to the out-of-support operating system.

The tech giant is due to release eight updates tomorrow (May 13th) in what will be its largest Patch Tuesday this year.

At least half of the bulletins affect the 13-year-old OS for which support expired on April 8.

Two of the eight security bulletins are critical, with SharePoint Server and Internet Explorer (IE) the worst affected. However XP users won’t get any help from Microsoft to address them.

Ross Barrett, senior manager of security engineering at Rapid7, said: "Anyone still using XP just got a little less secure – not that they were well off to begin with. The IE critical vulnerability is the first that clearly would have applied to Windows XP, but for which a patch is not available."

He added that the SharePoint weakness "may prove to be a legitimate remotely exploitable issue" for hackers.

It is possible that hackers could use the security sore spots that also affect XP and target users of the retired operating system by performing before and after patch update comparisons of OS codes.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Karl Sigler, threat intelligence manager at Trustwave, warned anyone who has not upgraded from XP yet to do so as soon as possible. "This security bulletin will include vulnerabilities seen exploited in the wild and those running Windows XP will be out of luck," he added.

XP accounted for 26% of worldwide web traffic in April, according to research firm Net Applications, while warnings have been issued that hackers are ready to hit XP users now they are no longer protected.

Will Markham, security practice lead at IT managed services firm Colt, said: "You’re guaranteed you’re going to be targeted. If I’m a paid criminal…I will save up the ammo and then bang, when the doors are down I’ll hit it."

Russ Ernst, director of product management at IT security firm Lumension, said the IE vulnerability (for versions 6, 7 and 8 on XP) would require a minimum of monthly updates from IT departments running a newer OS, and confirmed hackers are still focused on the browser.

"The bad guys continue to wage war on what remains one of the most popular browsers," he said.

While the patches will be of benefit to any user of Windows Vista, Windows 7 or later, XP support is only available through costly custom support packages with Microsoft.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.