From InfoWorld: Microsoft Thursday said it will issue five security updates next week, two tagged as "critical," to close holes in Windows and the company's Exchange-based Forefront Protection 2010 security software.
Three of the four updates for Windows will affect Windows XP, the 13-year-old operating system that Microsoft plans to retire from patching support on April 8. After next week's Patch Tuesday, Microsoft has just two more rounds of security updates on its schedule before it pulls the plug on the aged OS.
One of the two critical updates -- and the only one that will apply to Windows -- does not even patch XP, according to Microsoft's typically-terse advanced notification published Thursday. Instead "Bulletin 1." as that update was tentatively labeled, will patch Windows 7, 8 and 8.1; Window RT and RT 8.1; and Windows Server 2008 R2, 2012 and 2012 R2. All are among the newer editions from Redmond.
"It's probably a classic [case] of something new added or some new bit of code introduced in newer versions," said Andrew Storms, director of DevOps at CloudPassage, explaining Bulletin 1's impact.
Two other Windows updates do affect XP, but both were rated as "important" on Microsoft's four-step scoring system, a level lower than critical. One could be used by attackers to obtain additional access right while the other could be used to snatch personal data from the compromised PC.
Also rated critical was the update for Forefront Protection 2010, a security and anti-spam program deployed on on-premises Exchange email servers. As usual, Microsoft provided no clues as to what the update will actually patch or where the vulnerability lies, but because Forefront is deployed on company-critical Exchange systems, it should be closely examined next week.
"This one is critical with [remote code execution] on Exchange, which is always going to get a lot of attention," said Storms. "It might just top our list next week, although we'll have to see the attack vector first."
View: Article @ Source Site
