Final Windows XP Patch Tuesday will plug Word RTF vuln

The final Patch Tuesday for Windows XP will bring four bulletins, including a critical fix for a zero-day Word vulnerability uncovered last week. The critical 0-day vulnerability - already the object of targeted attacks - opens the door to remote code execution nasties if a user opens a RTF file in Word 2010 or in Outlook …

COMMENTS

This topic is closed for new posts.
  1. Reading Your E-mail

    "Those who decide to remain on the Windows XP platform will be pretty much defenceless against these attacks unless third-party security solutions, such as Network-based Intrusion Prevention System (NIPS) and Host-based Intrusion Prevention System (HIPS) are in use"

    Is anyone actually using XP, or in fact any version of windows, without a software or hardware firewall not made by MS between them and the internet?!?!?

    1. RobHib
      Facepalm

      Where have you been?

      Where have you been in the last few days?

      http://forums.theregister.co.uk/forum/1/2014/04/02/the_mathematics_of_trust/

      Make sure you read the posts.

      1. Reading Your E-mail

        Re: Where have you been?

        Working, how about you :P

    2. Yet Another Anonymous coward Silver badge

      While they were totally protected yesterday ?

      If you are still getting exploits on an OS that has been out for 10 years then you really can't rely on updates to protect you

  2. RobHib
    Coat

    Yawn.

    Yawn.

  3. Alan Denman

    re "said that holdout XP users will be moving onto dangerous ground "

    Windows full stop is "dangerous ground".

    You really can't go somewhere you already belong.

    From most dangerous to least we have Windows, OS/X, IOS, Android and then Linux.

    Yet Android is the pet sheep project for our media. I really wonder why.

    1. Barry Tabrah

      Let me re-order that for you

      From most dangerous to least we have Windows, Android, {OS/X, Linux}, IOS.

      If, of course, you're talking about system vulnerabilities that is. You can probably chuck IOS (rooted) after Android if you like.

    2. illiad

      Re: re "said that holdout XP users will be moving onto dangerous ground "

      It's quite simple... Linux has TOO MANY 'versions', some wildly different! - Android is made to run on *particular* hardware. (If you do know one that I run on windows NOW, do tell... and no I do not mean VM!)

      1. pacman7de
        Linux

        Linux has TOO MANY 'versions'?

        @illiad: "It's quite simple... Linux has TOO MANY 'versions', some wildly different!" -

        How many different versions can you use at the one time?

      2. Christian Berger

        Linux has too many versions?

        "Linux has TOO MANY 'versions', some wildly different!"

        Uhm, yes, there are specialist versions of Linux, true. The Linux on your router is different to the one on your desktop... however you can easily write software which runs on all of them by just recompiling it. And that software would even work on a Linux Distribution from 1993 just as well as it does on today's systems, despite potentially different hardware architectures and such.

        Since you don't have package managers or full automated updates, even installations of one Windows version quickly diverge. And even on stock installations no two versions are alike. For example there is a whole separate set of versions for non-latin character sets. A feature which is implemented as a per user setting on most other platforms.

        And even when you step back a bit, even the most basic APIs change. While you may still be able to port software from Win16 to Win32 and even Win64, .net is completely out of the question. And you cannot just choose one of them. While Win16 and Win32 can run on anything from Windows 3.1 (if you install Win32s), it won't run on Windows RT or Windows phone devices. (You could however port it to Windows CE).

        "Android is made to run on *particular* hardware."

        Yes and that is why Android development is so slow. The same is however also true for Windows phone or even Windows CE.

  4. frank ly

    "Windows XP is a thirteen year old operating system .."

    And they were fixing its flaws every month until it officially 'died'. For how many years will Microsoft be sending out essential security patches to Win7 and then Win 8?

    1. Peter Gathercole Silver badge

      Re: "Windows XP is a thirteen year old operating system .."

      The worrying thing is that the issues they are patching now may have been in Windows for over a decade. We just don't know how long some of these vulnerabilities have been exploited without us having been told about them.

      We remained happy in blissful ignorance of the problems, even though they could have been exploited. And how many more are there that are either currently unknown, or are known about but not published?

      I am expecting Security Essentials for XP, which has had its life extended for a while more, to start issuing dire warnings about every little thing it finds, just to increase the fear and uncertainty amongst the remaining XP users, to encourage them to change.

      I am not planning to change my Wife's XP system that sits behind the house firewall, as long as she keeps using and updating Firefox and Libre Office. She does little else on the system (not even email), so I am pretty sure that she is unlikely to be affected by new vulnerabilities, and has nothing of any real value on the system even if it does get compromised. Must remind her to keep it backed up, however.

      1. Hans 1

        Re: "Windows XP is a thirteen year old operating system .."

        >I am not planning to change my Wife's XP system that sits behind the house firewall, as long as she keeps using and updating Firefox and Libre Office. She does little else on the system (not even email), so I am pretty sure that she is unlikely to be affected by new vulnerabilities, and has nothing of any real value on the system even if it does get compromised. Must remind her to keep it backed up, however.

        Give her some fresh Nordic Mint (x86), show some love.

        1. Peter Gathercole Silver badge
          Flame

          Re: "Windows XP is a thirteen year old operating system .." @Hans 1

          I've tried to get her to use Linux (strong Linux advocate here - see my other posts). Indeed, when she uses Firefox on my laptop, she barely notices the difference.

          But if I suggest that I put it on her machine (actually it's already there, I installed it as a dual boot system before I gave it to her), she's irrationally negative. She is one of those people who absolutely knows that what someone else (especially me - what does that tell you about trust) tells her is a good idea is some nefarious plot. She's the same with advice from the Doctor, Vet or Financial Advisor, but trusts that the news on local commercial radio is more accurate and informative than the BBC!

          1. NotWorkAdmin

            Re: "Windows XP is a thirteen year old operating system .." @Hans 1

            What the blazes? Sounds like we have the same wife! How long has this been going on?

            1. Euripides Pants

              Re: What the blazes?

              Same here! Gentlemen, we have one very busy wife....

            2. Vic

              Re: "Windows XP is a thirteen year old operating system .." @Hans 1

              > What the blazes? Sounds like we have the same wife!

              Yeah, and she's moonlighting as my girlfriend.

              We're going to fall out if this continues, y'know...

              Vic.

              1. Will Godfrey Silver badge
                WTF?

                Re: "Windows XP is a thirteen year old operating system .." @Hans 1

                Good Lord! That girlfriend of ours has the constitution of an Ox - and, it seems, the stubbornness.

                1. Sir Runcible Spoon
                  WTF?

                  Re: "Windows XP is a thirteen year old operating system .." @Hans 1

                  Personally I'd like to know what technology my wife is using to travel all these vast distances whilst seemingly remaining in our domicile ? And if she is using some kind of time-stop insta-travel technology (like Santa Claus uses) then why is she so stuck on Windows?

      2. Roland6 Silver badge

        Re: "Windows XP is a thirteen year old operating system .."

        >I am expecting Security Essentials for XP, which has had its life extended for a while more, to start issuing dire warnings about every little thing it finds, just to increase the fear and uncertainty amongst the remaining XP users, to encourage them to change.

        This has already happened to some extent, if you installed the March 2014 Security Essentials for XP update, as it will place a permanent reminder in the system tray that the system is out of date:..

        See http://www.winbeta.org/news/updated-microsoft-security-essentials-constantly-remind-windows-xp-vulnerability

      3. Pookietoo
        Linux

        Re: She does little else on the system

        Surely she'd hardly notice if you stuck a Linux on it then?

        1. Anonymous Coward

          Re: She does little else on the system

          As an experiment, I put Linux on my Wife's computer. She didn't bat an eyelid... actually liked the "upgrade"

          Me being a Windows user, I was a little peeved about that.

    2. Captain Scarlet

      Re: "Windows XP is a thirteen year old operating system .."

      Pretty sure it’s the same for any OS, the issue is as usual programmed by human squishy things. Sometimes they don't realise that bit of code they just put in might not be used the way they envisaged.

      1. pacman7de
        Facepalm

        Re: "Windows XP is a thirteen year old operating system .."

        You shouldn't be able to access the kernel merely by opening a corrupt text file. You would also think someone would have spotted this thirteen year old bug. Is it possible to design an OS that doesn't get owned by clicking on a web-link or opening an email attachment?

    3. cortland

      Re: "Windows XP is a thirteen year old operating system .."

      Two.

      Then there's a fee to subscribe, right.

  5. Anonymous Coward

    meh

    There are thousands of WinXP without service packs, because of MS genuine advantage program, some thousands more fully patched til april 8th isn't going to make much difference. Bots are alive and kicking now on patched windows boxes, the lack of a few patches for XP will make no difference, windows will still be pawned, patches or no.

  6. southpacificpom
    Pirate

    Ignorance

    I have been telling a few users to abandon XP for the last 3 years now. Only one has upgraded to Win7 due to their old machine dying. Well there on their fucking own now...

    1. Hans 1
      Coat

      Re: Ignorance

      >I have been telling a few users to abandon XP for the last 3 years now.

      I have been telling a few users to abandon XP for the last 13 years now.

      The World Won't Listen

    2. i like crisps
      Headmaster

      Re: Ignorance

      I hate myself for doing this, but instead of " well there on their fucking own now..", it should have read "well they're on their fucking own now".....really really sorry about that.

      1. southpacificpom
        Holmes

        Re: Ignorance

        LOL cool, that's a big failing of mine and at about 3am in the morning it doesn't make it any better.

        Anyway, tell your teacher on Monday and you might get a merit.

  7. Hans 1
    Windows

    Let's throw 'em a dime, poor souls.

    > "Windows XP is a thirteen year old operating system .."

    >And they were fixing its flaws every month until it officially 'died'.

    Yes, 13 years of plasters for the sieve ... and it still leaks ;-)

    1. Anonymous Coward

      heh. Still can't get it right...

      That's about 15 years in the making, and they're throwing in the towel.

  8. Chika
    Coffee/keyboard

    Who the hell comes up with this stuff?

    I mean... NIPS and HIPS?!?

    Worse than the mess created by Microsoft Wan... sorry OneCare!

  9. cosmo the enlightened
    Mushroom

    We are all gonna DIE ! ! !

    1. Spoonsinger

      Re - "We are all gonna DIE ! ! !"

      yep, that is a true statement. But, more importantly, why won't anybody think of the children?

      1. Will Godfrey Silver badge

        Re: Re - "We are all gonna DIE ! ! !"

        We know they're going to die too, hopefully after their parents, but did you have to be so brutal about it?

        Disgusted of Tunbridge Wells

  10. Sporkinum

    UPGRAYEDDED

    Upgraydded my dad's old Compaq laptop with Xubuntu from XP. He is 78, and he loves it.

  11. Palf

    I wouldn't put it past Microshaft to deliberately leak something damaging to XP into the wild.

    1. southpacificpom

      They have, haven't you heard of Windows Updates?

  12. Mystic Megabyte
    Linux

    VM

    As for me, I'm going to do one last update and leave XP locked into a VM for the odd time that I may need it.

    Hopefully I will never have to install 2GB of bloatware (Nokia Smart Suite) just to update the firmware on my featureless phone ever again.

  13. Anonymous Coward

    Meanwhile...

    ... a 5-year-old cracked into Daddy's Xbox one password by typing in blanks on the "wrong password" verification screen... That's MSFT for you.

    http://consumerist.com/2014/04/04/microsoft-thanks-5-year-old-who-found-a-hole-in-xbox-ones-password-security-system/

    1. i like crisps
      Black Helicopters

      Re: Meanwhile...

      Bet the NSA has put the kid on their SHIT LIST now. The dad had better check the brakes on the kid's "Big Wheel" just to be on the safe side!

  14. James Loughner
    Holmes

    let add it up

    13 years X 12 X 3meg average patch day = 468,000,000

    hmm could have replaced the whole OS with the patches

    to extend

    468,000,000 x 400,000,000 average number of user (just a guess) = 1.872e+17 byte sent out

    No wonder my internet is slow :)

    1. southpacificpom
      Megaphone

      Re: let add it up

      It's the pr0n that's slowing down your internet. The updates are just a side effect.

  15. John Smith 19 Gold badge
    Unhappy

    13 years

    And they still did not make a secure system.

    1. southpacificpom
      Facepalm

      Re: 13 years

      What did you expect, the Spanish Inquisition?

  16. Euripides Pants
    Windows

    Defenseless?

    "Those who decide to remain on the Windows XP platform will be pretty much defenceless against these attacks unless third-party security solutions, such as....."

    Blah blah blah we're all going to die (NOT)

    http://www.litepc.com/

    https://www.grc.com/default.htm

    Cut out the crap and the OS is actually not bad.

  17. Anonymous Coward

    "pretty much defenceless against these attacks"

    But isn't that the whole Microsoft XPerience anyway?

  18. Nuno trancoso

    Bug in Word. Haven't used since... Check!

    Bug in Internet Explorer. Haven't since even before i haven't used... Check!

    Bug in Publisher. Haven't used, period. Check!

    If these are the kind of "vulnerabilities" XP is gonna have from now on, man, keep'em coming.

    p.s. If you have a) still use Word b) still use IE and c) allow crap like Publisher on the boxes, you had it coming didn't you?

  19. Anonymous Coward

    Zero-day Word vulnerability ..

    "The final Patch Tuesday for Windows XP will bring four bulletins, including a critical fix for a zero-day Word vulnerability uncovered last week"

    Microsoft, the company that make text dangerious ...

    1. Sir Runcible Spoon
      Joke

      Re: Zero-day Word vulnerability ..

      I was going to post a reply about Word spell checker, but a search has thrown up plenty of results for that strange word - although I haven't yet found the definition of what it means - could you Lucy date me?

  20. Oldfogey
    Happy

    Word 2003?

    My machines, and those I support, run Word 97. Still works fine, and most people don't do any more than writing letters - I give them Word because they are used to it.

  21. pacman7de
    Facepalm

    Windows XP lacks security features?

    "Windows XP is a thirteen year old operating system that lacks the security features of the latest Windows platforms"

    "As of December 2005, the following Microsoft Windows platform products have achieved Common Criteria Evaluation Assurance Level (EAL) 4 + Augmented with ALC_FLR.3 certification: .. Microsoft Windows XP Professional with SP2 .. Microsoft Windows XP Embedded with SP2" ref

  22. Gvork

    Support Extended

    It's okay, if you read the page fully you'll see support has been extended until 2104

    https://www.microsoft.com/en-us/windows/enterprise/end-of-support.aspx

    You'll see this gem of a paragraph:

    "Potential risks of staying with Windows XP"

    The first line is the dinger:-

    "Running Windows XP SP3 in your environment after April 8, 2104 may expose you to potential risks, such as:"
