wnol.info July 22 2017


Cyberattacks: Microsoft releases new Windows XP security patches

July 22 2017, 10:34 | Guillermo Bowen

Microsoft issues Windows XP critical patches amid 'elevated risk' of cyberattacks

Microsoft includes Windows XP and Vista in June's Patch Tuesday updates

But in an unprecedented move, Microsoft announced that it was also making the patches available simultaneously for manual download and installation on unsupported versions, including Windows XP and Windows Server 2003.

Of course, a precedent had already been set because Microsoft patched Windows XP against WannaCry when the ransomware broke out in rampant and high-profile fashion last month.

"To address this risk, today we are providing additional security updates along with our regular Update Tuesday service".

One of my friends also said "Microsoft folds and releases Wannacry fixes for Windows XP and Server 2003".

The WannaCry ransomware was behind May's global cyber-attack, and exploited a vulnerability that was made public when a hacker group stole secrets from the National Security Agency (NSA).

For more information about the remaining security vulnerabilities released on June Patch Tuesday, visit Microsoft's Security Update Guide.

Significant numbers of users still run Windows XP and Windows 8, the two unsupported desktop-grade versions that Microsoft updated.

Windows XP use remains significant: there were millions of people running the operating system as late as previous year.

Topping the priority list should be zero-day vulnerabilities CVE-2017-8543 and CVE-2017-8464, both of which Microsoft said are being exploited in the wild. But the company sought to emphasize that updates for older systems will not be routine. Now it has released another security update for Windows XP, this time due to the "heightened risk of exploitation" by copycats. Independent discovery for some of the fixed vulnerabilities occurred before the Shadow Brokers leak, indicating researchers and malware authors are still interested in finding problems in legacy versions of Microsoft products.

In a press statement released by Microsoft earlier today, it has underscored the importance of this update in the face of an imminent threat.

Tuesday's issuance of down-level patches is only the latest in a series of unusual events involving Microsoft's once-predictable security update regimen. Peter Bright, from technology site Ars Technica, said: "patching is the wrong decision: it sends a clear message to recalcitrant corporations that they can stick with Windows XP, insecure as it is, because if anything too serious is found, Microsoft will update it anyway ..."

Yesterday, we told you about a new round of security patches heading out to Windows XP.

However, there is one more reason why Microsoft is so careful. It's important to note that all Windows users are getting these security updates, including those who are on currently-supported Windows software.



Other news