Risk
1/17/2014
05:46 AM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Microsoft Delays XP Antivirus Doomsday

Security Essentials for XP gets 15-month extension, but some antivirus vendors promise updates through 2017 and beyond

Microsoft announced Wednesday that even after it ceases support for its aging Windows XP operating system in April, it won't stop issuing new signatures and updates for its XP antivirus software engine until mid-2015. That represents an about-face by Microsoft, which previously said that as of April it would cease updating all of its XP-compatible security software, including the free Security Essentials.

Microsoft's Malware Protection Center, which announced the extension, pitched it as a way to help businesses and consumers move to a newer version of Windows. "To help organizations complete their migrations, Microsoft will continue to provide updates to our anti-malware signatures and engine for Windows XP users through July 14, 2015," Microsoft's malware protection team said in a blog post.

Read the full article here.

Mathew Schwartz is a freelance writer, editor, and photographer, as well the InformationWeek information security reporter. View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-1421
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

CVE-2013-2105
Published: 2014-04-22
The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

CVE-2013-2187
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.

CVE-2013-4116
Published: 2014-04-22
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

CVE-2013-4472
Published: 2014-04-22
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

Best of the Web