With time dwindling for Windows XP support, it's a very good idea to keep the old, decrepit operating system as up-to-date as possible. When April 8, 2014 hits, Windows XP will stop receiving updates and any company still harboring the OS black sheep could be hit with countless security problems. So, as a best practice, you should consider patching Windows XP with every update that Microsoft makes available between now and then. Of course, eliminating Windows XP altogether is truly the best practice.
Microsoft has released an out-of-band update for Windows XP and Windows Server 2003 (KB2917500) that solves an issue where improperly issued digital certificates can be used for spoofing: a valid-looking CA certificate can actually be a fake, allowing spoofed content, phishing attacks, and man-in-the-middle attacks.
The download is available here: Security Update for Windows XP and Windows Server 2003 (KB2917500)
Surprisingly, the download comes in the form of an .exe. It must be run on every applicable computer, so you'll want to use a good deployment technology to automate the process if you have many Windows XP computers still in use.
There's also a security advisory associated with this update, and you can read all about the security issue here: Microsoft Security Advisory (2916652)