Microsoft releases new Windows XP security patch


June's Patch Tuesday for Windows machines brought no fewer than 96 different patches for various vulnerabilities. Windows XP had nearly 14 years of support because so many users were still on the OS and did not upgrade to Windows Vista or its successor Windows 7. While it stopped short of stating that another campaign could be imminent, Microsoft said there is now an "elevated risk" of a destructive incident.

Security Advisory 4025685 details additional guidance for critical security updates "that are at heightened risk of exploitation due to past and threatened nation-state attacks and disclosures", according to Microsoft.

Although the majority of PCs hit by WannaCry were found to be running Windows 7, it is not known whether the release of this latest update is the result of information about a new attack that would target Windows XP. But you can bet EnglishmanDentist, EsteemAudit and ExplodingCan exploits are in the works. However, these older versions do not have the level of exploit hardening and platform features (e.g., Device Guard, instant cloud protection) available in Windows 10 to effectively protect against the threat.

It's a long time since there was a Patch Tuesday for XP and 2003, so dust off your old notes, remind yourself how to do it, and get busy! Windows XP isn't the only legacy operating system getting this new round of vital updates, as Windows 8 and Windows Server 2003 are getting them as well.

Goettl was less sanguine about Microsoft's decision to patch Windows XP.

In parallel, Adobe has also released its June security updates in APSB17-17 for Flash Player and APSB17-18 for Shockwave Player.

"Our security teams actively monitor for emerging threats to help us prioritize and take appropriate action", Eric Doerr, general manager of Microsoft's Security Response Center, wrote in a blog post.

Microsoft did a lot to make the switch to Windows 10 as easy as possible.

Microsoft said customers should not expect this type of patch release for unsupported products to become the norm. In April, the Shadow Brokers published a cache of weaponized attack code that included dozens of tools. Most of those fixes had come in an update delivered in March that took the unusual step of not naming the party who had reported the vulnerability. On an unpatched system, attackers can send a specially crafted Server Message Block (SMB) request to the Windows Search service to gain control of a computer.

"For Microsoft to review and release several updates for "end of lifed" platforms you can be sure there was good cause", he added. Unsupported Windows versions played very little role.

Typically, Microsoft only releases security updates for unsupported Windows systems when there's a so-called "custom support" agreement in place.

Microsoft echoed that, albeit in more legalistic language.
