Support for Windows XP SP2 Ends
With today’s Patch Tuesday, it marks the end of support for Windows XP Service Pack 2. This shouldn’t be that much of a news story except at the same time, we find out from Microsoft that 74% of business computers are still running Windows XP. Chances are that there is a significant percent of those that might not be running the latest service pack.
The end of support means Microsoft will no longer fix vulnerabilities that are specific to SP2 and earlier versions of the operating system. For that reason, it is recommended that users either upgrade to Windows 7 or at least install Windows XP Service Pack 3. Although they’ve broken the “we’re no longer supporting that” barrier before with Windows 2000 (one recent instance I can remember had to do with the changes in daylight savings time), that is far from something to rely on either as a home user or an enterprise.
Meanwhile, Microsoft has also extended downgrade rights to XP from Windows 7 Professional and Ultimate yesterday. The extended downgrade rights are available only through OEM manufacturers and only during the lifetime of the different Windows 7 versions’ lifetimes. Windows 7 Ultimate will be retired in 2015 and Windows 7 Professional will retire in 2020. (via Computerworld) Dear god, I hope people aren’t still running XP in 2020!
Today, Patch Tuesday for July 2010, includes 4 updates, one of which is the vulnerability that was publicly disclosed by a Google security researcher 4 days after Microsoft was made aware of the issue. Microsoft was, you could say, not happy about the public disclosure but managed to patch it in 33 days.
This issue was reported to us on June 5th, 2010 by a Google security researcher and then made public less than four days later, on June 9th, 2010. Public disclosure of the details of this vulnerability and how to exploit it, without giving us time to resolve the issue for our potentially affected customers, makes broad attacks more likely and puts customers at risk.
In addition, the Windows 7 and Windows Server 2008 R2 Service Pack 1 Betas are available. You can find out more about it at these pages:
- Microsoft Download Center – Documentation
- Microsoft TechNet Evaluation Center – Frequently Asked Questions
- Microsoft TechNet – Deployment Guide
Adobe Reader Now Installs the Latest Version
Adobe Reader, which would have been updated to version 9.3.3 today if it hadn’t been for the accelerated release in response to exploits in the wild, received a change in its download process. I mentioned it on June 29th when 9.3.3 came out and it was announced in an Adobe Reader blog post that same day. No longer will you download Adobe Reader 9.3 only to be prompted to update to 9.3.3 the first time you launch the product. With the change taking effect, today you’ll always be downloading and installing the latest version of Adobe Reader.
Adobe Download Center Changes are Coming
In the past, we delivered Adobe Reader updates as full installers or patches (for instance, 9.x = full installer, 9.x.y = patch). The Adobe Reader Download Center at http://get.adobe.com/reader always offers the most recent full installer of Adobe Reader, which is currently Adobe Reader 9.3. After installation, the Adobe Reader Updater will automatically check and offer the latest patches to keep end-users up-to-date (as of today, the latest patch is Adobe Reader 9.3.3).
We have been working on a new method of always offering the latest version, whether they be full installers or patches, of our most popular language/platform pairs on the Adobe Download Center. This change will make its debut as scheduled on July 13, 2010 (by offering Adobe Reader 9.3.3 for installation) and will become a standard operating procedure going forward. In addition, as always, the Adobe Reader Updater will continue to automatically check for new updates, or users can force an update to happen by selecting > Help > Check for Updates from the Adobe Reader menu.
This change increases the initial download size by about 14 MB (this time).
While this improves the experience for the home user and small business (although arguably the McAfee Scan and Adobe Download Manager significantly worsens the first impression), it does nothing to improve on the situation for Enterprise IT. A frequent complaint by myself and others (while also a strong driving force of visitors to my site), the method for patching Adobe Reader and Adobe Acrobat is very inconvenient and full of frustration.
My hope for this announcement was that Adobe would be providing the latest version in a compiled .msi file. Instead, we continue to have to download the .msi file of Adobe Reader 9.3 and patch it by quarterly updates (.msp files) up to the current release. If a security update is the most recent release, you patch your cumulative install files with that but the next update that comes out, you’ll have to start from scratch again. Adobe Acrobat is worse because you have to start from Acrobat 9.0 and patch it 6 times (and counting).
Fortunately, they haven’t made it any worse with this change. The .msp files are still available for download through the Adobe FTP site. If you visit http://get.adobe.com/reader/, you can download a single executable to install the latest version. You can’t extract the files from the executable with 7-zip because it’s compressed with the NOS Installer. If you just run the executable, the files will be extracted before the first prompt of the installer. You can find all the files you need and copy them from this location:
C:Documents and Settings[user name]Local SettingsApplication DataAdobeReader 9.3Setup FilesReader9
For the 9.3.3 version released today, it includes the 9.0 .msi and the 9.3.2 and 9.3.3 .msp files. After you’ve copied the files to where you need them, you can cancel the installation process and the files in this folder will be deleted.
In my opinion, this is an improvement for common end users but does nothing to aid enterprise IT organizations from being able to readily deploy the updated software. Updating the most frequently targeted applications to protect their users is an important task these days and that puts Adobe at risk of losing a lot of customers. Providing a full .msi file for the latest versions of Adobe Reader and Adobe Acrobat would be the best solution, in my opinion, and send the message that Adobe wants its customers to be using the latest version. It’s the way Adobe Flash distribution is handled and it makes the task much simpler.