[German]Interesting offer from ACROS Security. The security vendor has just announced to support Microsoft Office 2010 with 0patch micro patches to eliminate known security vulnerabilities even after the support expires on October 2020.
Office 2010 support ended on October 13, 2020
Microsoft Office 2010, along with other products such as Exchange Server 2010, received its last security updates on October 13, 2020. This means that Office 2010 has dropped out of support and has reached the End of Life (EOL). There is also no extended support for companies (as was the case with the ESU program for Windows 7).
0patch Support for Office 2010
Mitja Kolsek, the founder of ACROS Security, informed me in a private message on Twitter about the latest development of his company. The vendor 0patch has announced that after the end of support for Microsoft Office 2010, vulnerabilities that have become public will be closed by micro patching.
In this blog post Mitja Kolsek says, that after the end of support for Microsoft Office 2010 in October 2020, many organizations have expressed interest in continuing to use the product (securely). Therefore 0patch has decided to secure Office 2010 with micro patching as well.
Similar to Windows 7 and Windows Server 2008 R2, the security vendor collects information about vulnerabilities in Office 2010 from various sources (partners, security community, public sources and also through testing) and examines whether newly discovered security vulnerabilities that affect still supported Office versions could also affect Office 2010.
If the 0patch people find a security issue that they believe is a high risk, and if ACROS Security has enough data to reproduce the vulnerability, the 0patch team will create a micro patch. However, this requires a fully updated Office 2010. Just like for Windows 7 and Server 2008 R2, Office 2010 must be updated with the latest available official updates, i.e. updates until October 2020..
These micro patches for Office 2010 are included in the 0patch PRO subscription, which is currently offered for an annual fee of 22.95 EUR + VAT per computer, with a volume discount available. The subscription already provides access to all micro patches (also for Windows 7). Enterprise features such as centralized management, groups, group-based patch policies and notifications are available for organizations that want to manage a large number of Office 2010 installations and secure them with minimal effort. Organizations that run at least 100 Office 2010 installations on supported Windows operating system versions (and therefore do not require all PRO micro patching) have the option to subscribe to only Office 2010 security micro patching at a significantly reduced price.
So what do you need to do to protect Office 2010 installations with 0patch? You have to make sure that all Office 2010 updates are installed, create an 0patch account at the 0patch central (website), install the 0patch agent and register it with the account. hen you need to purchase a PRO subscription for an appropriate number of licenses. Alternatively you can request a free trial version at email@example.com. Acros Security will provide the security patches for Office 2010 for an initial period of 12 months. This period will be extended if there is sufficient demand. Details about working with the 0patch agent I have described in the article Windows 7: Securing with the 0patch solution – Part 2.
Windows 7: Forcing February 2020 Security Updates – Part 1
Windows 7: Securing with the 0patch solution – Part 2
Windows 7/Server 2008/R2: 0patch delivers security patches after support ends
Project: Windows 7/Server 2008/R2 Life Extension & 0patch one month trial
0patch: Fix for Internet Explorer 0-day vulnerability CVE-2020-0674
0patch: Fix for Windows Installer flaw CVE-2020-0683
0patch fix for Windows GDI+ vulnerability CVE-2020-0881
0-day vulnerability in Windows Adobe Type Library
0patch fixes CVE-2020-0687 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1048 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1015 in Windows 7/Server 2008 R2
0patch for 0-day RCE vulnerability in Zoom for Windows
Windows Server 2008 R2: 0patch fixes SIGRed vulnerability
0patch fixes CVE-2020-1113 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1337 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1530 in Windows 7/Server 2008 R2
0patch fixes Zerologon (CVE-2020-1472) vulnerability in Windows Server 2008 R2
0patch fixes CVE-2020-1062 in Windows 7/Server 2008 R2
Cookies helps to fund this blog: Cookie settings