Microsoft’s March Patch Day is live, and looks to be by the numbers. As expected, they released five bulletins, including one that contains a fix for a zero day vulnerability in Internet Explorer. Their Patch Day summary highlights five security bulletins that fix 23 vulnerabilities in various Microsoft products, including Internet Explorer (IE), Windows and its various components, such as Silverlight. They rate two of these bulletins as Critical, and the rest as Important.
While we are talking about Windows updates, let me take this time to continue to remind you that these updates are among the last that Windows XP will receive. XP users will likely see a few more updates next month, but after than it goes End-of-Life. Hopefully, most of you are saying, “Why do I care? I’ve been using Windows 7 or above for years.” But for the stragglers out there, you might want to consider upgrading to a more recent version of Windows. While I don’t want to come off as promoting Microsofts “upgrade” sales message, I do believe XP will likely pose more risk once the official updates stop. It seems very likely that some cyber attacker (or nation-state groups) out there are sitting on a zero day XP exploit or two; saving them until after Microsoft’s fixes run out. You might want to get away from XP before that happens.
In any case, I’ll share more details about today’s Patch Day bulletins on the blog throughout the day. Meanwhile, check out the March bulletin summary now, if you’d like an early peek. — Corey Nachreiner, CISSP (@SecAdept).