

The National Cyber Security Authority (NCSA) recommends users and administrators:

1.

If the identified vulnerabilities in Microsoft products are not patched, authenticated attackers can remotely gain control of vulnerable systems and run malicious code with elevated privileges.

For the full list of security patches released by Microsoft, please refer to Microsoft Security Update Guide.

Recommended Actions

The released security updates fix multiple vulnerabilities, which include two zero-day vulnerabilities:

CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability

CVE-2023-24880: Windows SmartScreen Security Feature Bypass Vulnerability

But not every user reads the MSRC blog.

Microsoft released security updates to fix vulnerabilities in their software products that include, but are not limited to:

Microsoft started warning customers of XP SP2’s looming retirement last February, and has been repeating that warning every month in its Microsoft Security Response Center (MSRC) blog on Patch Tuesday, the regularly scheduled second-Tuesday-of-the-month security update release day.

I don’t think many people were looking at the messages Microsoft was putting out.”

“Personally, I didn’t know about it until two months ago.

“I think this simply flew under the radar of most IT professionals,” said Kandek, talking about the July retirement of XP SP2.

“I expect to see reliable exploits of unpatched vulnerabilities three or four months later.”

Companies have stepped up their efforts to migrate machines to XP SP3 in the last 11 months - the rate of adoption of the newest service pack during that period was roughly double that of SP3’s first 14 months of availability - but even now, just weeks before SP2 will slide off support, half of the Windows XP systems still run the older edition, according to Qualys.

“I would expect that come August, SP2 will be getting harder and harder to defend,” said Kandek, referring to the lack of security updates.
