Microsoft has once again taken the extraordinary step of patching the out-of-support Windows XP, in an attempt to limit the scale of the next WannaCry-style attack.
The updates for XP and other versions of Windows, released as part of yesterday’s Patch Tuesday, have fixed vulnerabilities that could be used in what Microsoft calls “attacks with characteristics similar to WannaCrypt”.
“These security updates are being made available to all customers, including those using older versions of Windows,” wrote Adrienne Hall, general manager of Microsoft’s Cyber Defense Operations Center, adding the measure was “due to the elevated risk for destructive cyber attacks at this time”.
The recent WannaCry/WannaCrypt ransomware epidemic hit over 300,000 PCs in 150 countries around the globe, using worm-like capabilities to spread between unpatched Windows machines over the internet. Computer systems were knocked offline in hospitals across England, in European car plants, in Russian banks and Chinese schools and colleges.
While the patches will be available for Windows XP, Windows Server 2003, and other unsupported operating systems, Microsoft warned people still running out-of-support OSes not to expect regular fixes.
“Our decision today to release these security updates for platforms not in extended support should not be viewed as a departure from our standard servicing policies,” said Eric Doerr, general manager for Microsoft Security Response Center.
“As always, we recommend customers upgrade to the latest platforms.”
This update for out-of-support OSes follows Microsoft’s recent decision to issue a patch for unsupported OSes in the wake of the WannaCry attacks. A poll earlier this year found 52% of firms were still running Windows XP on at least one machine.
However, security experts recently told TechRepublic that if Microsoft were to start patching unsupported operating systems regularly, it could increase overall risk by encouraging people to continue using less secure OSes.
Guarding against state-sponsored attacks
The decision to update unsupported OSes appears to have been driven by concerns about Windows vulnerabilities being exploited by state-backed hackers.
“In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyber attacks by government organizations, sometimes referred to as nation-state actors or other copycat organizations,” Microsoft’s Hall said.
The EternalBlue exploit that WannaCry used to spread itself between Windows machines was believed to have been crafted by the US National Security Agency (NSA), and used in its own hacking efforts. The exploit was later revealed by the Shadow Brokers group, after it stole a cache of vulnerabilities from the NSA-linked Equation Group.
Since yesterday’s patches were issued, Microsoft has confirmed to ZDNet that the updates fix the remaining unpatched vulnerabilities from the trove revealed by the Shadow Brokers. The company had previously said it would not fix these potential exploits as they only affected older, unsupported versions of Windows.
Craig Young, security researcher at Tripwire, recommended that organizations running unsupported machines apply these patches as soon as possible.
“Anyone still using Windows Server 2003 or XP should install these patches ASAP with the expectation that they will be actively exploited in the near term,” he said.
Yesterday’s updates, which also include a range of other fixes, will be automatically applied to those running Windows Update on Windows 10, Windows 8.1, Windows 7, and post-2008 Windows Server. Those running XP can download the updates from the Download Center or the Update Catalog.