For April’s Patch Tuesday, we’re waving goodbye to official XP patches and hello to the Windows 8.1 Update.
Plus: Critical updates for MS Word and Adobe Flash, a threat from malicious Publisher files, and a massive batch of nonsecurity Office fixes.
MS14-019 (2922229), MS14-018(2936068)
Two Windows updates are the final fixes for XP
Two security updates apply to all versions of Windows. They’re also the two final updates for Windows XP. KB 2922229 — rated important — fixes a vulnerability in how Windows handles .bat and .cmd files. KB 2936068 is the monthly cumulative fix for Internet Explorer; it’s rated critical for workstations.
To exploit the vulnerability in Windows’ file handling, an attacker must place a malicious .bat or .cmd file on a shared network. He must then trick victims into launching the file or clicking a link to a malicious site, as noted in a Microsoft Security Research and Defense blog. Because this is a relatively complex exploit, there are no reports of actual attacks yet — nor are they likely to be widespread.
It’s a bit sad to know we’ve come, at long last, to the end of XP’s long road — at least as far as updating is concerned. Many XP users insist they’ll stick with the OS regardless of the risks.
When we first saw XP, we laughed at its bright colors and chiclet-like icons. We complained about the mascots — Clippy, the dog, and later the cat. Yet as Microsoft closes the book on its most successful operating system, we’re reluctant to see it go. It’s been a stalwart friend through debacles such as Windows Millennium Edition and Vista. Many XP users still refuse to let it go, claiming it will be the only OS they ever use.
But as the Internet evolved into our indispensable means of communication, XP also became a vulnerable friend as well. It shipped without a firewall. It was nailed by Slammer and Blaster. And malicious hackers delivered malware over open ports. We suffered through Svchost issues that made XP a slug on bootup.