We have written about the micropatching outfit 0patch several times here on BetaNews. Offering “security patching simplified to the extreme” 0patch has previously offered security fixes for problem with Internet Explorer and Windows 7 either before Microsoft has been able to do so, or after the company has stopped offering support for a particular product.
Now 0patch has done it again, announcing that it has “security adopted” Office 2010. This version of Microsoft’s iconic office suite is — as of October — no longer officially supported, but 0patch says that it will help keep users secured against vulnerabilities with its micropatches.
While the micropatches will generally only be made available to paying 0patch customers with a Pro or Enterprise subscription, the company says that “we may occasionally decide to provide some of these micropatches to 0patch FREE users as well, for instance to help slow down a global worm outbreak”. You will, however, need to ensure that you have the very latest version of Office 2010 installed along with all available official updates.
Remember how we “security adopted” Windows 7 and Server 2008 R2 when they’ve reached end-of-support in January 2020? Since then, we’ve issued micropatches for 21 high-risk vulnerabilities in these systems, the most popular undoubtedly being our micropatch for Zerologon (CVE-2020-1472), a vulnerability affecting virtually all Windows domains and being currently widely exploited by ransomware gangs.
With Office 2010 having reached end-of-support last month, and many organizations expressing interest in keeping it (secure), we’ve decided to “security adopt” Office 2010 as well. This service is already generally available at the time of this writing.
How does this work? Similarly to what we do for Windows 7 and Windows Server 2008 R2, we collect vulnerability information for Office 2010 from a variety of sources: partners, security community, public sources, and also by testing if newly discovered vulnerabilities affecting still-supported Office versions might also affect Office 2010. When we come across a vulnerability that in our assessment presents a high risk and have sufficient data to reproduce it, we create a micropatch for it that works on fully updated Office 2010. Just as for Windows 7 and Server 2008 R2, Office 2010 has to be updated with latest available official updates, i.e., October 2020 updates.
Microsoft Office 2010, Microsoft Corporation
World news – US – Microsoft may have dropped Office 2010 but 0patch will still offer security patches