WITH ONLY TWO MONTHS to go before Microsoft puts an end to support for Windows XP, the Redmond firm has rolled out two critical updates for its nearly obsolete PC operating system (OS) as part of its monthly Patch Tuesday update.
The two critical Windows XP updates patch remote code execution vulnerabilities and were added to the security bulletin at the last minute. The first is an Internet Explorer (IE) patch that affects all supported versions from IE 6 to IE 11, and the second is a Microsoft Windows patch that applies to Server Core installations from Windows XP to Windows 8.1 and Windows Server 2012.
Microsoft patched seven bulletins in all, with four rated "critical". The remaining three updates are rated "important".
The first bulletin addresses a flaw in the Windows operating system and applies to both clients and servers, Windows 7, Windows Server 2008, Windows 8 and Windows RT, but Windows XP and Windows Vista are not affected.
The second bulletin is a critical patch for users of Microsoft Forefront for Exchange, which has a remote code execution vulnerability that could turn software that's supposed to be a security asset into a danger.
The third and fourth bulletins patch local vulnerabilities for all versions of Windows, and address an elevation of privilege and an information disclosure vulnerability, respectively, while the fifth bulletin addresses a Denial of Service vulnerability in Windows 8.
In addition to its Patch Tuesday release, Microsoft also added a layer of protection to users of its online document service Office 365, rolling out two-factor authentication to versions of Microsoft Office 365 from business plans to some standalone single-user plans.
"This will allow organizations with these subscriptions to enable multi-factor authentication for their Office 365 users without requiring any additional purchase or subscription," said Microsoft technical product manager Paul Andrew in a blog post.
The company also plans to add "App Passwords" to individual Microsoft Office desktop applications so businesses can set a 16-character password to access individual apps such as Microsoft Word and Microsoft Excel.
"Multi-factor authentication increases the security of user logins for cloud services above and beyond just a password," Andrew added. "With Multi-Factor Authentication for Office 365, users are required to acknowledge a phone call, text message, or an app notification on their smartphone after correctly entering their password. Only after this second authentication factor has been satisfied can a user sign in."
The Redmond software leasing firm plans to roll out multi-factor authentication for these apps later this year. µ