Microsoft revealed a preview of the five security bulletins scheduled to be released on March 11 including the penultimate security update for Windows XP as part of March’s Patch Tuesday. Of the five security bulletins, two are rated “critical” and three “important”.
One of the critical updates will address the zero-day bug (unpatched but being exploited) in Internet Explorer that was discovered earlier.
Microsoft has previously addressed the issue with ‘Fix it’, but Tuesday’s patch will be more permanent fix. The other critical security update addresses a Windows vulnerability in all the versions of Windows, except RT and Server Core.
Among the three security bulletins rated as important, two updates patch a privilege elevation vulnerability and a security feature bypass, that affect nearly all the Windows versions. The last important update fixes a security feature bypass flaw in Silverlight 5 for users on both Windows and Mac.
All the five security updates address vulnerabilities on Microsoft Windows XP, the 14-year-old operating system that the company will stop supporting on April 8.
“Windows XP is affected by all five updates, and there is really no reason to expect this picture to change; Windows XP will continue to be impacted by the majority of vulnerabilities found in the Windows ecosystem, but you will not be able to address the issues anymore,” wrote Qualys CTO Wolfgang Kandek.
“Windows XP is getting its penultimate update and is now very close (just over 30 days) to its declared end of life date.”
Qualys also reported that it continues “to see a large number of XP systems in its scans,” ranging from around 25 percent in BrowserCheck to under 20 per cent in QualysGuard service.
Penultimate — I didn’t know the definition. It means ‘second to last’ …. which is true…. but implies nothing else.