Microsoft may have dropped Office 2010 but 0patch will still offer security patches
We have written about the micropatching outfit 0patch several times here on BetaNews. Offering "security patching simplified to the extreme" 0patch has previously offered security fixes for problem with Internet Explorer and Windows 7 either before Microsoft has been able to do so, or after the company has stopped offering support for a particular product.
Now 0patch has done it again, announcing that it has "security adopted" Office 2010. This version of Microsoft's iconic office suite is -- as of October -- no longer officially supported, but 0patch says that it will help keep users secured against vulnerabilities with its micropatches.
- Google's Project Zero reveals details of 'high severity' security flaw with Microsoft's GitHub
- How to get the Windows 7 Start menu in Windows 10
- Google shares details of a Windows Kernel Cryptography Driver security flaw that's being exploited by hackers
While the micropatches will generally only be made available to paying 0patch customers with a Pro or Enterprise subscription, the company says that "we may occasionally decide to provide some of these micropatches to 0patch FREE users as well, for instance to help slow down a global worm outbreak". You will, however, need to ensure that you have the very latest version of Office 2010 installed along with all available official updates.
Announcing its support for the office suite, 0patch says:
Remember how we "security adopted" Windows 7 and Server 2008 R2 when they've reached end-of-support in January 2020? Since then, we've issued micropatches for 21 high-risk vulnerabilities in these systems, the most popular undoubtedly being our micropatch for Zerologon (CVE-2020-1472), a vulnerability affecting virtually all Windows domains and being currently widely exploited by ransomware gangs.
With Office 2010 having reached end-of-support last month, and many organizations expressing interest in keeping it (secure), we've decided to "security adopt" Office 2010 as well. This service is already generally available at the time of this writing.
How does this work? Similarly to what we do for Windows 7 and Windows Server 2008 R2, we collect vulnerability information for Office 2010 from a variety of sources: partners, security community, public sources, and also by testing if newly discovered vulnerabilities affecting still-supported Office versions might also affect Office 2010. When we come across a vulnerability that in our assessment presents a high risk and have sufficient data to reproduce it, we create a micropatch for it that works on fully updated Office 2010. Just as for Windows 7 and Server 2008 R2, Office 2010 has to be updated with latest available official updates, i.e., October 2020 updates.
More information is available on the 0patch blog.