Number:IRCNE2014042147
Date: 2014-04-06
According to “computerworld”, microsoft today said it will ship four security updates to customers next week that will include the final public fixes for flaws in Windows XP and Office 2003, both slated for retirement from security support on Tuesday.
Of the four updates, two were tagged "critical," Microsoft's most serious threat rating, and the other pair was marked "important," the next step down in the firm's four-part scoring system.
All four, however, were labeled in today's advance notification with the phrase "remote code execution," meaning that attackers could hijack an unpatched PC if they managed to exploit the vulnerabilities.
One of the quartet will directly affect Windows XP -- all versions of Windows, actually, including the newest, Windows 8.1 -- while another will also impact the 13-year-old OS because it will patch all editions of Internet Explorer, including IE6, which faces retirement, too, and IE8, the most popular Microsoft browser for XP.
All versions of Word -- Word 2003, Word 2007, Word 2013 and Word 2013 RT on Windows, and Word 2011 on OS X -- will be patched next week to quash the bug.
He recommended that Microsoft customers apply the IE update as soon as possible. "It's almost always 'IE first,'" he said. "Then, no question -- apply that Word fix pronto."
Bulletin 1, the update that will patch Word, will also affect SharePoint Server 2010 and SharePoint Server 2013, the collaboration software many enterprises have deployed to support Office. Because SharePoint Server runs a service called "Word Automation Services," which automatically opens documents in several formats, including RTF, it could also be exploited, potentially spreading attack code throughout a company.
- 5