Final Windows XP-Office 2003 Patch Tuesday a light one

Summary:[UPDATE] Windows XP and Office 2003's final Patch Tuesday will have only four updates total and only one critical each for Office and XP. The number of vulnerabilities is still undisclosed. The recent zero-day vulnerability in Word will be one of the fixed problems.

Microsoft has released the Advance Notification for next week's Patch Tuesday for April 2014, the final one for Windows XP and Office 2003. After next Tuesday, neither product will receive updates of any kind, including security updates, for general release.

There will be a total of four updates released for all products, two for Windows and two for Office. Only one of the updates for each product is rated critical, although we don't yet know the number of vulnerabilities addressed for any of the products or their exact nature. All four updates are for remote code execution vulnerabilities.

The one critical Windows vulnerability is in fact a critical update that affects nearly all versions of Internet Explorer on all Windows platforms. Most unusually, it does not affect Internet Explorer 10, although it does affect IE 11 (along with IE 6, 7, 8 and 9). The other Windows vulnerability affects all versions of Windows, including XP, and is rated Important on all of them.

The one critical Office vulnerability affects all versions of Office and is rated critical for all of them. This includes the Office Web Apps 2010 and 2013, as well as the Word Automation services of SharePoint Server 2010 and 2013. This would seem to indicate that the vulnerability is part of Microsoft Word.

[UPDATE: It's possible that the critical Word vulnerability to be fixed is the recently-disclosed bug in the handling of RTF files .]

[UPDATE 2: Microsoft has confirmed that the Word update does address the RTF issue, which is being exploited in the wild. It will be the first update on Tuesday and therefore MS14-017.]

Microsoft will also release a new version of the Malicious Software Removal Tool and an undisclosed number of non-security updates.

Topics: Security, Microsoft, Windows


Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.