Microsoft's latest "Patch Tuesday" updates will be the last offered for Windows XP SP2 or Windows 2000 as had been previously announced. The Redmond-based giant issued four security-related advisories addressing several security bugs. One of the patched vulnerabilities was controversially described by a Google engineer, Tavis Ormandy, before Microsoft has a chance to push out a fix for the issue.
That particular bug, which was exploited quickly by criminals, affected the Windows Help and Support Center. Another two updates cover laws in the Microsoft Access ActiveX component and the CDD display driver foe Windows Server 2008 R2 and Windows 7. Overall, the Patch Tuesday load was about the norm.
"The most interesting vulnerability for the enterprise is MS10-045, which lets an attacker use a specially-crafted UNC path in an Outlook attachment to bypass Outlook’s warning about opening potentially malicious attachments," Tyler Reguly, senior security engineer at security firm nCircle, said.
"This is significant because Operation Aurora and other high profile email based attacks over the last year have proven to be highly successful."
To continue receiving updates, Windows XP SP2 desktops will need to be updated to SP3.
"The most interesting vulnerability for the enterprise is MS10-045, which lets an attacker use a specially-crafted UNC path in an Outlook attachment to bypass Outlook’s warning about opening potentially malicious attachments," Tyler Reguly, senior security engineer at security firm nCircle, said.
"This is significant because Operation Aurora and other high profile email based attacks over the last year have proven to be highly successful."
To continue receiving updates, Windows XP SP2 desktops will need to be updated to SP3.