Microsoft published the Microsoft Security Bulletin Advance Notification for July 2010--revealing a relatively light month for patching. This coming Patch Tuesday will have only four security bulletins, but it's a crucial day for many IT administrators, as it also marks the end of Microsoft support for Windows 2000 and Windows XP SP2.
Of the four scheduled security bulletins, three are rated as Critical, while the remaining one is Important. Two of the Critical security bulletins impact Windows, and the other two security bulletins affect Microsoft Office.
Wolfgang Kandek, CTO of Qualys, clarifies the security bulletins affecting the Windows operating system in a blog post. "The first one is for Windows XP and 2003 and fixes the Windows Help and Support Center vulnerability published by Tavis Ormandy in a much discussed full disclosure move. Microsoft showed some impressive turnaround time on that patch."
Kandek continues, describing the other security bulletin related to Windows, which also addresses a zero-day vulnerability. "The second bulletin fixes a problem in the AERO display driver component for Windows 7 and Windows Server 2008 R2, which was disclosed publicly earlier in May."
The security bulletins themselves might be overshadowed by the expiration of support for Windows 2000 and Windows XP SP2. Many companies still rely on these archaic, yet capable platforms. Continuing to use them beyond next Tuesday, though, will be a little like playing Russian roulette because without support the platforms will become increasingly less stable and more insecure.
For businesses still using Windows XP SP2, the end of support means no new security updates, no new non-security hotfixes, and no access to Microsoft's product development resources. The solution for businesses still using Windows XP SP2 is relatively simple, though--just apply SP3, which is still supported.
Businesses still running Windows 2000 face a more difficult challenge. As of July 13, 2010, there will be no new security updates, non-security hotfixes, or option to engage Microsoft product development resources, just like Windows XP SP2.
In addition, though, Windows 2000 will no longer have access to free or paid support options, and there will be no further updates to online support content. The solution for Windows 2000 is not as easy either. Companies still using Windows 2000 will have to upgrade to a more recent operating system--ideally Windows 7--in order to continue running a supported platform.
Microsoft urges businesses still using Windows 2000 or Windows XP SP2 to transition to a supported operating system. "Unsupported products or service packs pose a significant risk to your computer's security. Therefore, Microsoft advises customers to migrate to the latest supported service pack and/or product prior to the end of support. Our latest products, such as Windows 7 and Windows Server 2008 R2, provide greater security, reliability, environment-friendly features, and a host of other benefits."