Microsoft fixes XP to avoid the next Wannacry
1
Microsoft has taken the surprising decision to release a security update for Windows XP, which it stopped supporting in April 2014. It was part of Microsoft’s ‘Patch Tuesday’ for June, which contains updates for all versions of Windows, from XP to 10.
In the blog post announcing the updates ( www.snipca. com/24767), Microsoft said that it took this action to provide “further protection” against highly destructive ransomware attacks like Wannacry. It’s only the third time the company has released a fix for a product it no longer supports.
Microsoft added that it was particularly worried about attacks from hackers backed by nation states, saying its decision was “based on an assessment of the current threat landscape by our security engineers”.
The company didn’t go into further details, but it’s probably responding to the theft in April of hacking tools developed by the US government’s National Security Agency (NSA). One of these, called Eternalblue, was used by the Wannacry hackers.
Three others, called Esteemaudit, Explodingcan and Englishmandentist, have yet to be used by hackers, though security experts fear that they could be unleashed soon. Microsoft’s latest update fixes the flaws that these tools can exploit.
The company was heavily criticised for releasing a fix to protect XP from Wannacry two months after it issued an update to protect Windows 7, 8.1 and 10. During this gap Wannacry infected thousands of computers worldwide, although XP machines were largely unaffected because many of them crashed before being able to spread the malware.
In another message online ( www.snipca.com/24768) Microsoft said that releasing a fix for XP “should not be viewed as a departure from our standard servicing policies”. In other words, the XP update is a one-off.