Microsoft Patches New Zero Day Vulnerability – But Not for XP

Microsoft released a wave of new security patches yesterday, but at the top of the list in terms of priority is the zero day vulnerability which affects all operating systems dating back to Windows 95. Interestingly, it seems this bug has been around and included in Microsoft software for at least 19 years, and could have been exploited remotely for the past 18 years (although it wasn’t discovered/reported/patched until just recently).

Unpatched users are exposed to the vulnerability via Internet Explorer or Microsoft Office (however there are not yet any reported exploits of this flaw in the wild). The reason the vulnerability is considered so severe is that it will allow code to be executed remotely on an unpatched machine. If you haven’t patched it yet, you should do so quickly. For itSynergy customers on any of our monthly plans, we will be rolling out the patch during your next maintenance window.

Of note related to all of this is that no patch has been issued for Windows XP. Although the VAST majority of our customers don’t have any XP left, there are still a few out there and we have had discussions that it was only a matter of time until a flaw was found that Microsoft would not patch. As you can determine from reading our previous posts on the topic, Microsoft has ‘blinked’ in the past and issued a patch for Windows XP even after the end of support for that operating system. This time (at least so far) the silence has been deafening which means yesterday officially marks the day when XP can no longer be considered safe to use.

We will continue to watch and provide an update here if Microsoft changes their stance, but at least for now, there are two items on your to do list: patch all of your computers, and get rid of those last few XP machines.