
Tuesday, Ap– today Microsoft came out with the bulletins for April Patch Tuesday. It is a small release with only four bulletins, MS14-017 to MS14-020, a light patch Tuesday for the second month in a row.

But the Microsoft bulletin is not the most important item this month (even though MS14-017 fixes the current Word 0-day), but rather two other items: the new HeartBleed bug that impacts OpenSSL, and the arrival of Windows XP end of life.

Yesterday a vulnerability in OpenSSL was disclosed that actually overshadows this Microsoft Patch Tuesday. The so-called “Heartbleed” vulnerability (CVE-2014-0160) is present in all recent OpenSSL versions and can be used to get information from the server that uses OpenSSL, for example, your web server. A remote attacker can get access to your private encryption key and would then be able to decipher the encrypted traffic to and from the website. A patch is available in OpenSSL 1.0.1g; alternatively, one can recompile the OpenSSL version in use without the vulnerable “heartbeat” extension. Look to your Linux distro maintainer for updates. We have added the detection for the issue into SSLLabs and into QualysGuard, but stay tuned as we will be providing more information on affected distributions and products.

Windows XP first came to market in 2001 and was by all measures a tremendously successful operating system. With the introduction of Service Pack 2 in 2004 several important security features were added, such as a default-on firewall (which severely curtailed the spread of network worms) and the Security Center, a one-stop shop for the security settings – firewall, automatic updates and AV protection.

This year, after a 13 year run, it is “game over” for Windows XP. Microsoft has introduced 3 new operating systems since (Vista, Windows 7 and Windows 8) and all are better equipped than XP, at least as far as security is concerned. Not all of you have migrated away from Windows XP; our measurements show over 10% of you are still on XP, both in the Enterprise sector and also in the SMB/home sector (Qualys BrowserCheck users). That is better than the 30% often quoted for general Internet users (admittedly Qualys users are probably more security-conscious than the average user), but is still a very unhealthy posture. I expect Windows XP defensibility to deteriorate quickly over the next few weeks and months as attackers will find ways to exploit certain aspects of the operating system, internet browser, mail programs, office software (Office 2003 is also EOL) and even third-party programs such as your PDF reader (Adobe says they will not update Adobe Reader on XP anymore).
