Feeds

back to article Final Windows XP Patch Tuesday will plug Word RTF vuln

The final Patch Tuesday for Windows XP will bring four bulletins, including a critical fix for a zero-day Word vulnerability uncovered last week. The critical 0-day vulnerability - already the object of targeted attacks - opens the door to remote code execution nasties if a user opens a RTF file in Word 2010 or in Outlook while …

COMMENTS

This topic is closed for new posts.

Page:

"Those who decide to remain on the Windows XP platform will be pretty much defenceless against these attacks unless third-party security solutions, such as Network-based Intrusion Prevention System (NIPS) and Host-based Intrusion Prevention System (HIPS) are in use"

Is anyone actually using XP, or in fact any version of windows, without a software or hardware firewall not made by MS between them and the internet?!?!?

17
1
Bronze badge
Facepalm

Where have you been?

Where have you been in the last few days?

http://forums.theregister.co.uk/forum/1/2014/04/02/the_mathematics_of_trust/

Make sure you read the posts.

0
4

Re: Where have you been?

Working, how about you :P

1
1
Silver badge

While they were totally protected yesterday ?

If you are still getting exploits on an OS that has been out for 10years then you really can't rely on updates to protect you

11
0
Bronze badge
Coat

Yawn.

Yawn.

13
0
Bronze badge

re "said that holdout XP users will be moving onto dangerous ground "

Windows full stop is "dangerous ground".

You really can't go somewhere you already belong.

From most dangerous to least we have Windows, OS/X, IOS, Android and then Linux.

Yet Android is the pet sheep project for our media. I really wonder why.

9
7

Let me re-order that for you

From most dangerous to least we have Windows, Android, {OS/X, Linux}, IOS.

If, of course, you're talking about system vulnerabilities that is. You can probably chuck IOS (rooted) after Android if you like.

3
9

Re: re "said that holdout XP users will be moving onto dangerous ground "

Its quite simple... Linux has TOO MANY 'versions', some wildly different! - Android is made to run on *particular* hardware. (If you do know one that I run on windows NOW, do tell... and no I do not mean VM!)

0
5
Linux

Linux has TOO MANY 'versions'?

@illiad: "Its quite simple... Linux has TOO MANY 'versions', some wildly different!" -

How many different versions can you use at the one time?

1
0
Silver badge

Linux has to many versions?

"Linux has TOO MANY 'versions', some wildly different!"

Uhm, yes, there are specialist versions of Linux, true. The Linux on your router is different to the one on your desktop... however you can easily write software which runs on all of them by just recompiling it. And that software would even work on a Linux Distribution from 1993 just as well as it does on todays systems, despite of potentially different hardware architectures and such.

Since you don't have package managers or full automated updates, even installations of one Windows version quickly diverge. And even on stock installations no two versions are alike. For example there is a whole separate set of versions for non-latin character sets. A feature which is implemented as a per user setting on most other platforms.

And even when you step back a bit, even the most basic APIs change. While you may still be able to port software from Win16 to Win32 and even Win64, .net is completely out of the question. And you cannot just choose one of them. While Win16 and Win32 can run on anything from Windows 3.1 (if you install Win32s), it won't run on Windows RT or Windows phone devices. (You could however port it to Windows CE).

"Android is made to run on *particular* hardware."

Yes and that is why Android development is so slow. The same is however also true for Windows phone or even Windows CE.

0
0
Silver badge

"Windows XP is a thirteen year old operating system .."

And they were fixing its flaws every month until it officially 'died'. For how many years will Microsoft be sending out essential security patches to Win7 and then Win 8?

15
0
Silver badge

Re: "Windows XP is a thirteen year old operating system .."

The worrying thing is that the issues they are patching now may have been in Windows for over a decade. We just don't know how long some of these vulnerabilities have been exploited without us having been told about them.

We remained happy in blissful ignorance of the problems, even though they could have been exploited. And how many more are there that are either currently unknown, or are known about but not published?

I am expecting Security Essentials for XP, which has had it's life extended for a while more, to start issuing dire warnings about every little thing it finds, just to increase the fear and uncertainty amongst the remaining XP users, to encourage them to change.

I am not planning to change my Wife's XP system that sits behind the house firewall, as long as she keeps using and updating Firefox and Libre Office. She does little else on the system (not even email), so I am pretty sure that she is unlikely to be affected by new vulnerabilities, and has nothing of any real value on the system even if it does get compromised. Must remind her to keep it backed up, however.

22
0
Bronze badge

Re: "Windows XP is a thirteen year old operating system .."

Pretty sure it’s the same for any OS, the issue is as usual programmed by human squishy things. Sometimes they don't realise that bit of code they just put in might not be used the way they envisaged.

5
0
Bronze badge

Re: "Windows XP is a thirteen year old operating system .."

>I am not planning to change my Wife's XP system that sits behind the house firewall, as long as she keeps using and updating Firefox and Libre Office. She does little else on the system (not even email), so I am pretty sure that she is unlikely to be affected by new vulnerabilities, and has nothing of any real value on the system even if it does get compromised. Must remind her to keep it backed up, however.

Give her some fresh Nordic Mint (x86), show some love.

4
6
Silver badge
Flame

Re: "Windows XP is a thirteen year old operating system .." @Hans 1

I've tried to get her to use Linux (strong Linux advocate here - see my other posts). Indeed, when she uses Firefox on my laptop, she barely notices the difference.

But if I suggest that I put it on her machine (actually it's already there, I installed it as a dual boot system before I gave it to her), she's irrationally negative. She is one of those people who absolutely knows that what someone else (especially me - what does that tell you about trust) tells her is a good idea is some nefarious plot. She's the same with advise from the Doctor, Vet or Financial Advisor, but trusts that the news on local commercial radio is more accurate and informative than the BBC!

9
1

Re: "Windows XP is a thirteen year old operating system .." @Hans 1

What the blazes? Sounds like we have the same wife! How long has this been going on?

6
0
Bronze badge

Re: "Windows XP is a thirteen year old operating system .."

>I am expecting Security Essentials for XP, which has had it's life extended for a while more, to start issuing dire warnings about every little thing it finds, just to increase the fear and uncertainty amongst the remaining XP users, to encourage them to change.

This has already happened to some extent, if you installed the March 2014 Security Essentials for XP update, as it will place a permanent reminder in the system tray that the system is out of date:..

See http://www.winbeta.org/news/updated-microsoft-security-essentials-constantly-remind-windows-xp-vulnerability

3
0
Bronze badge
Linux

Re: She does little else on the system

Surely she'd hardly notice if you stuck a Linux on it then?

4
0

Re: What the blazes?

Same here! Gentlemen, we have one very busy wife....

3
0
Anonymous Coward

Re: She does little else on the system

As an experiment, I put Linux on my Wife's computer. She didn't bat an eyelid... actually liked the "upgrade"

Me being a Windows user, I was a little peeved about that.

6
0
Vic
Silver badge

Re: "Windows XP is a thirteen year old operating system .." @Hans 1

> What the blazes? Sounds like we have the same wife!

Yeah, and she's moonlighting as my girlfriend.

We're going to fall out if this continues, y'know...

Vic.

2
0
Facepalm

Re: "Windows XP is a thirteen year old operating system .."

You shouldn't be able to access the kernel merely by opening a corrupt text file. You would also think someone would have spotted this thirteen year old bug. Is it possible to design an OS that don't get owned by clicking on a web-link or opening an email attachment?

0
0
Silver badge
WTF?

Re: "Windows XP is a thirteen year old operating system .." @Hans 1

Good Lord! That girlfriend of ours has the constitution of an Ox - and, it seems, the stubbornness.

0
0
Silver badge
WTF?

Re: "Windows XP is a thirteen year old operating system .." @Hans 1

Personally I'd like to know what technology my wife is using to travel all these vast distances whilst seemingly remaining in our domicile ? And if she is using some kind of time-stop insta-travel technology (like Santa Claus uses) then why is she so stuck on Windows?

0
0
Bronze badge

Re: "Windows XP is a thirteen year old operating system .."

Two.

Then there's a fee to subscribe, right.

0
0
Anonymous Coward

meh

There are thousands of WinXP without service packs, because of MS genuine advatage program, some thousands more fully patched til april 8th isn't going to make much difference. Bots are alive and kicking now on patched windows boxes, the lack of a few patches for XP will make no difference, windows will still be pawned, patches or no.

21
0
Bronze badge
Pirate

Ignorance

I have been telling a few users to abandon XP for the last 3 years now. Only one has upgraded to Win7 due to their old machine dying. Well there on their fucking own now...

2
15
Bronze badge
Coat

Re: Ignorance

>I have been telling a few users to abandon XP for the last 3 years now.

I have been telling a few users to abandon XP for the last 13 years now.

The World Won't Listen

14
1
Bronze badge
Headmaster

Re: Ignorance

I hate myself for doing this, but instead of " well there on their fucking own now..", it should have read "well they're on their fucking own now".....really really sorry about that.

19
0
Bronze badge
Holmes

Re: Ignorance

LOL cool, that's a big failing of mine and at about 3am in the morning it doesn't make it any better.

Anyway, tell your teacher on Monday and you might get a merit.

1
0
Bronze badge
Windows

Let's throw 'em a dime, poor souls.

> "Windows XP is a thirteen year old operating system .."

>And they were fixing its flaws every month until it officially 'died'.

Yes, 13 years of plasters for the sieve ... and it still leaks ;-)

22
0
Anonymous Coward

heh. Still can't get it right...

That's about 15 years in the making, and they're throwing in the towel.

6
0
Bronze badge
Coffee/keyboard

Who the hell comes up with this stuff?

I mean... NIPS and HIPS?!?

Worse than the mess created by Microsoft Wan... sorry OneCare!

3
0
Mushroom

We are all gonna DIE ! ! !

7
0
Bronze badge

Re - "We are all gonna DIE ! ! !"

yep, that is a true statement. But, more importantly, why won't anybody think of the children?

7
0
Silver badge

Re: Re - "We are all gonna DIE ! ! !"

We know they're going to die too, hopefully after their parents, but did you have to be so brutal about it?

Disgusted of Tunbridge Wells

0
0

UPGRAYEDDED

Upgraydded my dads old Compaq laptop with Xubuntu from XP. He is 78, and he loves it.

7
2

I wouldn't put it past Microshaft to deliberately leak something damaging to XP into the wild.

13
5
Bronze badge

They have, haven't you heard of Windows Updates?

3
0
Silver badge
Linux

VM

As for me, I'm going to do one last update and leave XP locked into a VM for the odd time that I may need it.

Hopefully I will never have to install 2GB of bloatware (Nokia Smart Suite) just to update the firmware on my featureless phone ever again.

3
0
Anonymous Coward

Meanwhile...

... a 5-year-old cracked into Daddy's Xbox one password by typing in blanks on the "wrong password" verification screen... That's MSFT for you.

http://consumerist.com/2014/04/04/microsoft-thanks-5-year-old-who-found-a-hole-in-xbox-ones-password-security-system/

5
2
Bronze badge
Black Helicopters

Re: Meanwhile...

Bet the NSA has put the kid on their SHIT LIST now. The dad had better check the brakes on the kid's "Big Wheel" just to be on the safe side!

4
1
Holmes

let add it up

13 years X 12 X 3meg average patch day = 468,000,000

hmm could have replaced the whole OS with the patches

to extend

468,000,000 x 400,000,000 average number of user (just a guess) = 1.872e+17 byte sent out

No wonder my internet is slow :)

3
1
Bronze badge
Megaphone

Re: let add it up

It's the pr0n that's slowing down your internet. The updates are just a side effect.

1
0
Gold badge
Unhappy

13 years

And they still did not make a secure system.

4
3
Bronze badge
Facepalm

Re: 13 years

What did you expect, the Spanish Inquisition?

3
0
Windows

Defenseless?

"Those who decide to remain on the Windows XP platform will be pretty much defenceless against these attacks unless third-party security solutions, such as....."

Blah blah blah we're all going to die (NOT)

http://www.litepc.com/

https://www.grc.com/default.htm

Cut out the crap and the OS is actually not bad.

2
0
Anonymous Coward

"pretty much defenceless against these attacks"

But isn't that the whole Microsoft XPerience anyway?

3
0

Bug in Word. Haven't used since... Check!

Bug in Internet Explorer. Haven't since even before i haven't used... Check!

Bug in Publisher. Haven't used, period. Check!

If these are the kind of "vulnerabilities" XP is gonna have from now on, man, keep'em coming.

p.s. If you have a) still use Word b) still use IE and c) allow crap like Publisher on the boxes, you had it coming didn't you?

2
1
Anonymous Coward

Zero-day Word vulnerability ..

"The final Patch Tuesday for Windows XP will bring four bulletins, including a critical fix for a zero-day Word vulnerability uncovered last week"

Microsoft, the company that make text dangerious ...

3
0

Page:

This topic is closed for new posts.