Microsoft has abandoned Office 2010 but third-party service 0patch will still provide security patches

The classic version of Office 2010, an iconic Microsoft office suite, is no longer officially supported from October, but third-party patch service team 0patch says it will continue to extend Office 2010 life by helping users protect against vulnerabilities through its micro-patches. While micro-patches are typically only available to 0patch paying customers with professional or corporate subscriptions, the company says, “we may occasionally decide to offer some of these micro-patches to 0patch free users, such as when it is expected to help slow the global worm outbreak.”

However, if you need to ensure that the patch remains valid after installation, you need to make sure that the latest version of Office 2010 and all available official updates are installed.

Remember how 0patch made people “safely adopt” Windows 7 and Server 2008 R2? By the time they reached the end of support in January 2020, 0patch had released micro-patches for 21 high-risk vulnerabilities in these systems, the most popular of which was undoubtedly for Zerogon (CVE-2020-1472), which affected almost all windows and is now widely used by ransomware gangs.

Microsoft has abandoned Office 2010 but third-party service 0patch will still provide security patches

Since Office 2010 reached the end of its support last month, and many organizations have expressed interest in keeping it safe, 0patch has decided to start trying to get people to “safely adopt” Office 2010, a service that is already widely available by the end of the year.

How does this service work? Similar to 0patch’s work for Windows 7 and Windows Server 2008 R2, security researchers collect vulnerability information for Office 2010 from a variety of sources: partners, security communities, public sources, and whether vulnerabilities that affect the still-supported version of Office 2010 are affected by testing newly discovered vulnerabilities. When security personnel discover a high-risk vulnerability in the assessment and have enough data to reproduce it, a micro-patch is created for it that runs on the fully updated Office 2010. Just like Windows 7 and Server 2008 R2.

More information is available on the 0patch blog.