Global virus fear prompts update for old Windows

One patch is for Windows XP, which debuted in 2001 and which Microsoft stopped supporting in 2014.
It was "highly likely" the vulnerability would be exploited if it went unpatched, wrote Simon Pope, Microsoft's director of incident response, in a blog about the bug.
Market industry data suggests about 3.75% of desktop machines currently use XP or its variants.
Windows 10 May 2019 update blocked for anyone using USB or SD storage

Because of an issue that's frankly remarkable, Microsoft is blocking the update for anyone using USB storage or SD storage. That is to say: if you have a USB hard disk or thumb drive, or an SD card in an SD card reader, the update won't install.
As with so many Windows 10 bugs, the real question here is how on Earth this was only detected at this late stage in development. USB storage is not esoteric or unusual, and a problem like this is going to affect a large proportion of Windows 10 users.
Microsoft going to extreme lengths to ensure May update avoids mistakes of 1809

It's going to be the May 2019 update, because Microsoft is being a great deal more cautious about this release. Next week, a build will be pushed to the Release Preview ring, which should provide around a month of testing before its expected release date.
If Microsoft sticks with its plan to leave the feature update optional until it becomes a prerequisite for support, many Windows 10 users may not find themselves upgrading for more than a year after its release.
Google: Play Protect cut harmful Android app installs by 20% in 2018

Google says that Google Play Protect, Android’s AI-driven built-in defense mechanism that scans over 50 billion apps every day on-device and upwards of 500,000 in the cloud, substantially cut down on the number of Potentially Harmful Applications (PHAs) in Google Play.
Windows 7 end-of-life nag messages will start showing up next month

Starting next month, the operating system will show users a "courtesy reminder" to tell them that security updates will cease and that Windows 10 (and hardware to run it on) exists. Microsoft promises that the message will only appear a "handful of times" during 2019 and that there will be a "do not notify me again" checkbox that will definitely suppress any future messages.
Windows 7 Extended Security Updates will double in price each year

For organizations already subscribing to Windows Enterprise, the first year of updates will cost an additional $25 per device. This doubles to $50 for the second year and $100 for the third year.
For companies sticking with Windows 7 Pro instead of subscribing to Windows Enterprise, the first year will cost $50 per device and will double each subsequent year to $100 and then $200.
LibreOffice patches malicious code-execution bug, Apache OpenOffice – wait for it, wait for it – doesn't

When he published on February 1, in conjunction with the LibreOffice fix notification, OpenOffice still had not been patched. Inführ says he reconfirmed that he could go ahead with disclosure even though OpenOffice 4.16 has yet to be fixed.
His proof-of-concept exploit doesn't work with OpenOffice out-of-the-box because the software doesn't allow parameters to be passed in the same way as the unpatched version of LibreOffice did. However, he says that the path traversal issue can still be abused to execute a local Python file and cause further mischief and damage.
Google Play apps with >4.3 million downloads stole pics and pushed porn ads

Google has banned dozens of Android apps downloaded millions of times from the official Play Store after researchers discovered they were being used to display phishing and scam ads or perform other malicious acts.
Trend Micro researchers discovered another batch of apps that falsely promised to allow users to “beautify” their pictures by uploading them to a designated server. Instead of delivering an edited photo, however, the server provided a picture with a fake update prompt in nine different languages. The apps made it possible for the developers to collect the uploaded photos, possibly for use in fake profile pics or for other malicious purposes. The developers took pains to prevent users from detecting what was happening.
The D in SystemD stands for Danger, Will Robinson! Defanged exploit code for security holes now out in the wild

Those who haven't already patched a trio of recent vulnerabilities in the Linux world's SystemD have an added incentive to do so: security biz Capsule8 has published exploit code for the holes.
Exploitation of these code flaws allows an attacker to alter system memory in order to commandeer systemd-journal, which permits privilege escalation to the root account of the system running the software.
Firefox to remove UI dark pattern from Screenshot tool after months of complaints

The issue is that the Save button doesn't save the screenshot to the PC, as most users would naturally expect, but uploads the image to a Mozilla server.
This is both a privacy violation, as some users don't appreciate being tricked into uploading sensitive images saved on remote servers, and an inconvenience, as users would still have to download the image locally, but in multiple steps afterward.