More Windows XP fixes in June Patch Tuesday release

Windows 10

Microsoft today released critical security updates to block another wave of similar attacks, making those patches available on unsupported versions like Windows XP and Server 2003.

Microsoft had a long-standing stance against providing security updates for older versions of Windows, but recent cyber attacks changed all that.

The decision to release the update comes in the wake of the devastating WannaCry ransomware attack last month.

Microsoft said that it identified some vulnerabilities that posed an elevated risk of attacks by government organizations or other sophisticated hacking groups, so it released additional security updates alongside the more common security patches that were supposed to be released this month.

In a separate blog post, Eric Doerr, general manager of the Microsoft Security Response Center, said the move was created to fix "vulnerabilities that are at [heightened] risk of exploitation due to past nation-state activity and disclosures". For older Windows versions like Windows 7 and Windows Server 2008 that didn't take the fix in security bulletin MS17-010, but had cloud protection turned on (in Microsoft Security Essentials or Windows Defender AV) WannaCrypt was prevented from executing.

The company said that currently-supported Windows systems such as Windows 10 and Windows 8.1, will receive the said patches automatically if users have enabled Windows Update.

For more information about the remaining security vulnerabilities released on June Patch Tuesday, visit Microsoft's Security Update Guide.

Microsoft said customers should not expect this type of patch release for unsupported products to become the norm.

Microsoft clarified this doesn't mean a return to full support for Windows XP, which ended in 2014.

Was Microsoft right to patch Windows XP again? It is one of the most successful updates ever from Microsoft for the desktops.

To give an idea of the seriousness of this month's Patch Tuesday, Microsoft has made a decision to include patches for a number of legacy operating systems it no longer supports. Therefore, XP and Vista users are strongly advised to apply these updates immediately, and make sure their systems are safe.

Sarwate also suggested users prioritize patches for Windows graphic font engine vulnerabilities CVE-2017-8527, CVE-2017-8528 and CVE-2017-0283, and Outlook patch CVE-2017-8507, all of which could allow attackers to take complete control of a victim's machine. Tuesday's move suggests Microsoft may have good reason to believe attackers are planning to use EsteemAudit, ExplodingCan, and EnglishmanDentist in attacks against older systems.

Relacionada:

Comentarios


Otras noticias