Patch Tuesday sounds death knell for Win XP SP2
Hasta la vista
Ensure Ease of Recovery with Asigra’s Agentless Software
Microsoft released the expected four security advisories on Tuesday, three of which earn the dread rating of critical. They collectively address five security vulnerabilities.
There are two critical fixes for Windows in the batch, including an update designed to resolve a zero-day vulnerability involving Windows Help and Support Centre that's become a hackers' favourite over recent weeks. The vulnerability was controversially disclosed by Google staffer Tavis Ormandy prior to Microsoft providing a fix.
The other two critical updates cover flaws in Microsoft Access ActiveX component and the CDD display driver for Windows 7 and Windows 2008R2. Lesser risk "important" updates cover security bugs in the handling of attachments by Microsoft Outlook.
Tyler Reguly, senior security engineer at security firm nCircle, described July's patches as "pretty mundane" in terms of corporate security.
"The most interesting vulnerability for the enterprise is MS10-045, which lets an attacker use a specially-crafted UNC path in an Outlook attachment to bypass Outlook’s warning about opening potentially malicious attachments," Reguly said. "This is significant because Operation Aurora and other high profile email based attacks over the last year have proven to be highly successful."
The Internet Storm Centre has once again put together a handy overview of Microsoft's latest Patch Tuesday update here. Microsoft's bulletin is here.
July 2010's Patch Tuesday marked the last month Microsoft will issue patches for either Windows XP Service Pack 2 and Win 2000. Security watchers reckon a significant proportion of Windows machines are still running Win XP SP2.
"Since Windows XP is still the most popular OS version for Windows, I believe we’re dealing with hundreds of millions of Windows XP SP2 systems that need to be upgraded," said Wolfgang Kandek, CTO of Qualys. "Our own monitoring shows that roughly 50 percent of all XP machines still run on the SP2 version. XP SP2 machines can be found both in corporate installations and are also very often the OS on home machines." ®
COMMENTS
I saw your reply and thought of this...
http://xkcd.com/323/
Quality =)
Sustainability
I think your posting is very well stated. (which is basically what I say below, with observations)
I had good reason to move from Windows NT 4 to Windows 2000 back then...Windows 2000 really came with some features I wanted to have, such as fully integrated plug-n-play support and the ability to service the operating system *once* per service pack! (Anybody remember updating NT after installing a new driver or OS feature and then having to reinstall the last service pack? I don't miss those days at all.) Microsoft didn't really have to work too hard to sell me on those benefits.
On my systems, and across a lot of different installations, Windows 2000 proved itself to be a stable and FAST workhorse of an operating system, much more so than any release of Windows had ever been (again, in my experience). It was a bit on the hungry side for RAM and not all that secure. At least the security improved somewhat over time (though I would have like to seen the security boosting features of XP SP2 brought to Win2k).
I moved some systems to Windows XP when some of the software I wanted to use demanded it. Windows XP was definitely slower, naggier (do you want to clean up your desktop? no. how about now? no. now, maybe? no. What about cleaning your desktop...>BLAM!< ... "Local Area Network Connection is now connected, 100.0 mbps...siiiiiigh...) and came with some definite non-features such as product activation, the start of the DRM-related protected output path(s) and other stuff. Oh, and the Explorer windows that lose their shape and size settings any time you change your screen resolution--plus, some, like the floppy drive window, don't save their settings at all, choosing instead to default to some asinine large window that takes over too much of the screen. Yay for progress.
I have no use at all for Vista and Win7, the shell in each one is so badly broken and stripped of capabilities that I came to know and use that I just can't do it. If they were going to copy the Macintosh, couldn't they at least have done it *properly*?
Microsoft won't sell me another copy of Windows because there is nothing I want to be found. Make the damn thing work, make the UI sensible and make it lean 'n' mean...and I'll buy it. Otherwise, no sale.
Windows 2000 still soldiers on with most of my computers. It does what I want and has every feature I need. I'll run it until I can no longer do so. And when I can't, it looks like I'll be done with Windows. I don't know for sure where I'm going yet. Probably a mix of Mac OS, Linux and some type of FreeBSD derivative.
Back to your regularly scheduled programming.
ME? You cannot be serious!
ME? Stable?? Most of us thought naming ME after a seriously debilitating ailment was quite deliberate.
The last stable release of Windows was NT4 SP6, or arguably NT3.51, although current XP SP3 isn't bad. The last stable Windows 9x was Windows 98 SE.
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Enabling efficient data center monitoring
