reader comments 41
On Tuesday, Microsoft took the highly unusual step of issuing security patches for XP and other unsupported versions of Windows. The company did this in a bid to protect the OSes against a series of “destructive” exploits developed by, and later stolen from, the National Security Agency.
one day after last month’s outbreak of the highly virulent “WCry” ransom worm, which repurposed NSA-developed exploits. The exploits were leaked by the Shadow Brokers, a mysterious group that somehow got hold of weaponized NSA hacking tools. (WCry is also known as “WannaCry” and “WannaCrypt.”)
According to this updated Microsoft post, Tuesday’s updates include fixes for three other exploits that were also released by the Shadow Brokers. A Microsoft blog post announcing the move said the patches were prompted by an “elevated risk of destructive cyberattacks” by government organizations.
“In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyberattacks by government organizations, sometimes referred to as nation-state actors, or other copycat organizations,” Adrienne Hall, general manager of crisis management at Microsoft, wrote. “To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available to all customers, including those using older versions of Windows.”
Preventing another WCry outbreak
In a separate blog post, Eric Doerr, general manager of the Microsoft Security Response Center, said the move was designed to fix “vulnerabilities that are at [heightened] risk of exploitation due to past nation-state activity and disclosures.” He went on to urge users to adopt new Microsoft products, which are significantly more resistant to exploits, and not to expect regular security fixes in the future.
“Our decision today to release these security updates for platforms not in extended support should not be viewed as a departure from our standard servicing policies,” he wrote. “Based on an assessment of the current threat landscape by our security engineers, we made the decision to make updates available more broadly.”
abruptly canceled its Patch Tuesday, citing only a “last-minute issue.” In April, the Shadow Brokers published a cache of weaponized attack code that included dozens of tools. A day after the release, Microsoft revealed that it had issued patches that protected supported versions of Windows against the attacks. Most of those fixes had come in an update delivered in March that took the unusual step of not naming the party who had reported the vulnerability.
supported versions of Windows that had yet to install a patch that had been publicly available for more than 60 days. Unsupported Windows versions played very little role.
The only other time in recent memory Microsoft has patched an unsupported version of Windows was in 2014, when it issued a critical update for Windows XP during the same week it decommissioned the version. Tuesday’s move suggests Microsoft may have good reason to believe attackers are planning to use EsteemAudit, ExplodingCan, and EnglishmanDentist in attacks against older systems. Company officials are showing that, as much as they don’t want to set a precedent for patching unsupported Windows versions, they vastly prefer that option to a potential replay of the WCry outbreak.