Final Windows XP-Office 2003 Patch Tuesday a light one

Summary: [UPDATE] Windows XP and Office 2003's final Patch Tuesday will have only four updates total and only one critical each for Office and XP. The number of vulnerabilities is still undisclosed. The recent zero-day vulnerability in Word will be one of the fixed problems.


Microsoft has released the Advance Notification for next week's Patch Tuesday for April 2014, the final one for Windows XP and Office 2003. After next Tuesday, neither product will receive updates of any kind, including security updates, for general release.

There will be a total of four updates released for all products, two for Windows and two for Office. Only one of the updates for each product is rated critical, although we don't yet know the number of vulnerabilities addressed for any of the products or their exact nature. All four updates are for remote code execution vulnerabilities.

The one critical Windows update is in fact an Internet Explorer update, affecting nearly all versions of Internet Explorer on all Windows platforms. Most unusually, it does not affect Internet Explorer 10, although it does affect IE 11 (along with IE 6, 7, 8 and 9). The other Windows vulnerability affects all versions of Windows, including XP, and is rated Important on all of them.

The one critical Office vulnerability affects all versions of Office and is rated critical for all of them. This includes Office Web Apps 2010 and 2013, as well as the Word Automation Services of SharePoint Server 2010 and 2013. This would seem to indicate that the vulnerability is in Microsoft Word.

[UPDATE: It's possible that the critical Word vulnerability to be fixed is the recently-disclosed bug in the handling of RTF files.]

[UPDATE 2: Microsoft has confirmed that the Word update does address the RTF issue, which is being exploited in the wild. It will be the first update on Tuesday and therefore MS14-017.]

Microsoft will also release a new version of the Malicious Software Removal Tool and an undisclosed number of non-security updates.

Topics: Security, Microsoft, Windows

  • This is what Microsoft should do...

    Larry, thanks for the heads-up.

    IMO, Microsoft should delay the cutoff for 6 more months, since they have totally botched Windows 8.x. Windows 7 consumer PCs should still be sold after October, 2014. Perhaps when Microsoft listens to its customers, it will gain some loyalty.

    As for me, I will stay with Windows XP and 7 - no way will I use 8.
    • Fair dinkum

      I'll be sticking with Windows 8, I find it better than 7, if you don't, then that is fine too.

      W8, especially after the 8.1 update, is a fine OS and improves upon W7 in many ways. The Start Screen seems to be the main sticking point, I personally like it, it reminds me a lot of the good old days of Program Manager before that stupid Windows Menu came along.
    • Really, XP is 12 years old - and Vista, Win7 and Win8 have shipped since

      And, the XP End-Of-Life date was announced 7 years ago. That seems like enough of a warning.

      Actually, since they are releasing a patch on its end-of-life day, it gets another month of support, if I'm not mistaken (though it may only be for issues relating to that patch).
    • Wouldn't make a difference

      Another 6 months, another year. Neither would make a real difference.
  • Farewell to Two good MS Creations

    Larry, thanks for the heads up.... And as we say a fond farewell to two of the better MS creations, the MS powers that be are now setting their sights on Win7.... And, my Ultimate edition is the very last MS product I think will be "purchased" by this old man... Why, you may ask? Very simple = Less product value/features with higher "purchase" costs... And don't even get me started on the horror show that is IE...
  • I thought Microsoft

    I thought Microsoft said there would be no extensions of Windows XP support. Yet another article from this website says the UK government is paying Microsoft to extend support for XP through April of 2015.
    • you can pay for it

      It's always been the case with all post-lifecycle products that you could arrange to pay for further support. It costs a lot, but they're probably doing a brisk business with some large orgs like banks.
    • No news

      Paid extended support was always available. Remember, despite all the doomsday prophets, Windows XP is not the first Windows version that reaches End of Life, and it won't be the last.
    • Just to add to what folks are saying

      Custom support for out-of-support products is expensive. And, traditionally, it doubles in price every year (if, for example, it's $100k this year, it will be $200k next year).
      • Very expensive

        One article I saw gave prices one unnamed IT manager was quoted, for 5,000 PCs. $1 million the first year, $2 million the second and $5 million for the third.
  • Windows XP Nagware Issue

    Some of my clients who do regular Windows Update on Windows XP are now receiving nagware that mentions Windows XP will reach End of Support on April 8, 2014. Will this nagware continue after April 8, 2014 or is it time-limited? Thanks.
    • RE:Nag

      They shouldn't have downloaded that particular "update". It was listed under the critical updates section.
    • RE: Nag

      YES...that Nag message will continue because it was installed on the hard drive.
  • I take it to mean, XP is now perfect.

    Thanks, MS. Job well done.
    • It's fully cooked

      Come and get it!
  • Whoever's running the XP update department

    Whoever's running the XP update department is going to be partying after April 8th!
    Pollo Pazzo
  • Last updates

    You writers act like it's so funny that the XP updates are ending. Did you get some kind of thrill out of that? Microsoft is stupid. Windows XP is still number 2.
  • XP Memorial Video

    Spiceworks made an XP memorial video that is pretty fantastic:
  • On severity of Word bulletins...

    Generally, vulnerabilities in Word RTF parsing are considered "critical" if they have fixes related to RTF parsing, because Outlook uses Word's RTF parsing to display emails (including in the preview pane). Other Word vulnerabilities are typically considered "important".
    • I don't think so

      The vulnerabilities that are Important in Office are rated so because the user needs to approve some warning. RTF is a native format for Word. I believe this bug would be Critical even without the (very serious) Outlook connection.