Adobe: Photoshop is not a target for attackers
Adobe have responded to the suggestion that they are effectively charging for security updates, saying that they do not believe that "the real-world risk to customers warranted an out-of band release to resolve these issues". On Wednesday, a security bulletin issued by Adobe pointed out security flaws in Photoshop CS5/CS5.5 and Illustrator CS5/CS5.5, but offered only a paid-for upgrade to the very recently released CS6 versions of the applications as a fix for the flaws. Read more...
Microsoft to pull plug on XP in 2 years
Microsoft has kicked off what it calls a "two-year countdown" to the death of Windows XP and the Office 2003 productivity suite.
Separately, Microsoft announced that Windows Vista, the problem-plagued operating system that never really took hold among customers, exited mainstream support on April 10. In a product's extended support phase, Microsoft provides security patches to registered users but offers other fixes, including reliability and stability updates, only to organizations that have support contracts with the company. Read more...
Microsoft starts XP retirement countdown
Microsoft yesterday kicked off what it called a "two-year countdown" to the death of Windows XP, its longest-lived operating system.
Windows XP and the business productivity suite Office 2003 both exit all support on April 8, 2014, a company spokeswoman said in a Monday blog post.
On that date, Microsoft will stop shipping security updates for XP and Office 2003.
XP went on sale in October 2001 while Office 2003 launched October 2003. Read more...
Microsoft to issue more critical patches next week for Win7 than XP
Microsoft today said it would deliver nine security updates next week, four of them critical, to patch 21 vulnerabilities in Windows, Internet Explorer (IE), Office, .Net and Silverlight.
This year's February Patch Tuesday will feature three fewer updates and one less patch than 2011's.
Four of the nine updates were tagged "critical," the highest threat ranking in Microsoft's four-step system, while the other five were marked "important," the second-level rating. All of the critical updates and two of those pegged important will patch bugs that Microsoft admitted could be exploited by attackers to hijack computers and plant malware on PCs. Read more...
Microsoft slates IE bug fix for next week
Microsoft today said it will ship eight security updates next week to patch 23 vulnerabilities in Windows, Internet Explorer (IE) and several other products in its portfolio.
The company sketched out the upcoming patches in an advanced notice of Patch Tuesday's line-up.
Two of the eight updates, which Microsoft refers to as "bulletins," will be rated "critical," the most-serious threat ranking in its scoring system. The remaining six will be labeled "important," the next-most-severe tag. Most of the bulletins, including four of the six pegged as important, are to patch vulnerabilities that attackers could exploit to execute malicious code, and potentially commandeer the computer, the company acknowledged.
Microsoft said that the eight updates will fix 23 security flaws. The company usually delivers a larger number of updates that patch a higher number of vulnerabilities in even-numbered months, leaving a lighter load for odd-numbered months.
In August, for example, Microsoft issued 13 updates that patched 22 vulnerabilities, while in September it delivered five updates that quashed 15 bugs. Read more...
Microsoft plans 22 patches for Windows, Office next week
Microsoft today said it will issue four security updates next week, only one of which is pegged as critical, to patch 22 vulnerabilities in Windows and Visio 2003.
Next Tuesday's patch lineup is smaller than June's, when Microsoft shipped 16 updates that fixed 34 flaws. The company typically delivers a lighter load in odd-numbered months. In May, for instance, Microsoft shipped just two updates -- the company calls them "bulletins" -- to patch only three vulnerabilities.
Of the four updates slated, one will be rated "critical," the highest threat label in Microsoft's four-step scoring system, while the other three will be marked "important," the second-most-dire ranking.
Next week's Patch Tuesday vulnerability count will be among the largest for the year, with its 22 bested only by April's 64 and June's 34, and tied with February's collection. Read more...