Microsoft slates record-setting monster Patch Tuesday next week II

Microsoft MCTS Training made that clear earlier this week when it released an emergency, or “out-of-band” update , to quash a critical bug in Windows shortcuts that hackers have already used to hijack PCs, including machines in multiple companies that oversee important industrial control systems. It did not provide a patch then for XP SP2.
Next Generation Secure Web Gateways: The Case and Criteria for Embedded Data Loss Prevention: Download now

Although Microsoft’s policy prevents it from confirming whether unsupported software contains vulnerabilities, it’s likely that XP SP2 harbors the same bugs as XP SP3, which will be patched next week.

“All of those for XP SP3 are quite probably also in XP SP2,” said Kandek.

Not only will Microsoft not offer the applicable Windows updates to PCs running XP SP2, but it will also deny those machines the critical IE update .

The Office updates may be delivered to users running Windows XP SP2, however; Microsoft MCITP Certification evaluates Office’s patching needs using the version of the suite running on the system, not on the operating system.

“There’s no free pass just because Windows Update doesn’t offer you patches,” said Kandek, talking to XP SP2 users, who might think they’re safe because they won’t see any updates offered on Tuesday.

Qualys has offered users of obsolete operating systems a hand by testing some exploits against out-of-support versions of Windows. The company publishes the results on its Web site.

“We’ll continue to do this to substantiate our suspicion that [XP SP2] is very vulnerable now that it’s not being patched,” said Kandek.”