Microsoft patches older Windows against NSA exploits

Microsoft distributed the updates in addition to this month's "Patch Tuesday", the security updates Microsoft rolls out each month. Microsoft released a March security patch (MS17-010) to address the targeted Server Message Block 1 flaw in Windows systems, but that release was also somewhat unprecedented in that it also applied to older systems, such as Windows XP.

Following the recent WannaCry ransomware outbreak, Microsoft issued patches to the new unsupported Windows XP in order to rectify the vulnerabilities that WnnaCry exploited. Microsoft says that these patches are being released due to the "elevated risk" of cyberattacks, especially state-sponsored.

Microsoft does caution that just because it has released these security patches for the outdated versions of Windows, it doesn't mean that it's actively supporting those iterations yet again. It's only saying that it has come to know of such a possibility and that it's taking steps preemptively to ensure users remain safe online.

Since then, Windows Phone 8.1 has not received any updates, and Microsoft never pushed the Windows 10 Mobile update to all eligible Windows Phone 8.1 handsets.

This was possible, it later emerged, because the NSA informed Microsoft about the leak of the exploits.

Microsoft has provided guidance for users on these older systems here, which include the relevant bulletin, KB article reference, and an indication of whether the version of Windows is affected.

The company added that this patch was to offer "further protection against potential attacks with characteristics similar to WannaCrypt".

By Ars' count, Tuesday is only the third time in Microsoft history that the company has issued free security updates for a decommissioned product. According to analytics vendor Net Applications, 6% of all Windows PCs ran XP and 2% ran Windows 8 last month. "Based on an assessment of the current threat landscape by our security engineers, we made the decision to make updates available more broadly". Microsoft also recently published a PowerShell script that can be used to count vulnerabilities in monthly security updates, as described in this blog post.


Source: Microsoft patches older Windows against NSA exploits

Comments