Microsoft has released fixes for an "important" vulnerability in its Windows XP operating system, just days after announcing it would pull support for its Security Essentials anti-malware tool from the platform.
The fix was released as a part of Microsoft's monthly Patch Tuesday update cycle. The Windows XP fix also relates to the company's Windows Server 2003. Microsoft's security blogger Dustin Childs confirmed the vulnerability has been targeted by a "limited" number of attacks.
"We have only seen this issue used in conjunction with a PDF exploit in targeted attacks and not on its own. This only impacts customers using Windows XP or Server 2003 as more recent Windows versions are not affected," said the security alert.
The cut-off date for Security Essentials support comes just before Microsoft fully ceases support for the decade-old Windows version. The end of support would mean XP users would no longer receive security updates for newly discovered threats. Research from NetMarketShare in December revealed that a third of Windows users are still running XP, despite the looming danger.
Microsoft also released fixes for "important" holes in its Office and Dynamics AX services. The vulnerabilities generally left Windows users open to privilege escalation attacks, though the Microsoft Dynamics AX flaw was listed as leaving Microsoft customers vulnerable to distributed denial of service (DDoS) attacks.
F-Secure security analyst Sean Sullivan told V3 none of the fixes are too serious, but predicted that a more robust Patch Tuesday will follow in the near future. "[This release] doesn't look like the kind of stuff that System Admins will need to stress too much over," he said.
"Next month could be busy, as April approaches. The limited number of patches this month could be a consequence of Christmas and the New Year holidays falling mid-week."
Persuading businesses to install new security patches as soon as they are able to has been an ongoing goal of the UK government and its Cyber Security Strategy. The Home Office listed installing new patches as a key way businesses can protect themselves from hackers in its newly launched Cyber Streetwise campaign.
Russell Group slammed for misusing student data in donation campaigns
Linus Torvalds is unhappy with current approaches to Linux security
Bug prevents ASLR from randomising location of important data
Organisations will work together on research projects to benefit UK business