Microsoft's Windows XP left official support years ago (2014). However, it is still widely used, especially amongst business customers. During Patch Tuesday today, the company has issued a patch for Windows XP to help halt the spread of the WannaCry malware. This patch is very unusual as it sees Microsoft patch an unsupported Windows build.
Indeed, the company says it is updating all unsupported (and indeed supported) Windows versions, including little-used Vista to stem the spread of the malware. The company says there is an “elevated risk” of attack and Windows needs be secure across all versions.
“In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyberattacks by government organizations, sometimes referred to as nation-state actors, or other copycat organizations,” says Adrienne Hall, general manager of crisis management at Microsoft.
“To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available to all customers, including those using older versions of Windows.”
All patches will be made available through the company's Download Center or Windows Update. Microsoft is eager to point out that this is not a change in update policy. In other words, unsupported Windows builds will not be receiving future updates. The company says this is an exception based on intelligence.
Microsoft adds it is necessary to shore up Windows to stop governments potentially using it as a back door. There is no elaboration as to where the intelligence came from.
Needless to say, it is advisable for all Windows XP users to install the new patches immediately.
The Windows-targeting WannaCry was first observed in the United Kingdom and Spain. The software went global in a short space of time, using malware to block users from their data. As a form of ransomware, it is necessary to pay a Bitcoin ransom before an infected machine is released.
Earlier this year, NSA intelligence admitted hackers had stolen an exploit they used to create a backdoor in Windows. Microsoft responded with a patch, but many machines remained unprotected.
As a result, hundreds of thousands of computers in hospitals, governments, businesses, and homes, were affected by the attack. Among the affected parties were Telefonica, parts of Britain's National Health Service, FedEx, Deutsche Bahn, and LATAM Airlines.