Microsoft Patches All Windows Versions Against Ransomware, Nation-State Attacks

Posted June 29, 2017

Windows XP was not affected by the malware (although the operating system is vulnerable to the EternalBlue exploit, WannaCry itself persistently crashed before managing to encrypt drives), but a number of the affected systems were running Windows Vista, a slightly newer unsupported version of the operating system.

Writing on its Patch Tuesday blog, Microsoft explained that during a security review, it came across some additional vulnerabilities that could be exploited.

On top of the patches specifically aimed at addressing heightened risks, Microsoft had a regular Patch Tuesday release today.

Users of Windows 10 and Windows 8.1, which are currently supported by Microsoft, need not worry about the latest patch, as it will be installed automatically.

Compared to previous updates, build 15223 for Windows 10 Mobile is relatively small in changes, being just one iteration from build 15222, which was made available late last week. But the company sought to emphasize that updates for older systems will not be routine.

I guess we can no longer describe these updates as unprecedented, because this is now two months in a row that Microsoft has released patches to address a security threat on older systems, and that, my friends, is called a precedent. However, the hacker group, TheShadowBrokers, last month vowed to release monthly dumps, including new Windows exploits that were stolen from a hacking team within the US National Security Agency (NSA).

Now, in an even more unusual move, Microsoft has chosen to include Windows XP in this month's Patch Tuesday.

There's a reason why Microsoft released XP and Server 2003 patches again this month. For manual download links, see "Older Platforms Table 3 of 3" at the bottom of Security Advisory 4025685 (note that the link for Win8 doesn't appear to be working). The Pentagon, Army and Navy run "Windows XP eradication efforts" to kill off software that's already been declared past its "end of life" date by Microsoft. A custom agreement is a fairly costly option that's purchased mostly by large organizations.

Microsoft noted that these legacy-system and Windows XP fixes must be manually downloaded.

While Microsoft has made a one-off exception to dole out a public update for an outdated platform from their stable, they also recommend that "the best protection is to be on a modern, up-to-date system that incorporates the latest innovations". Normally, patches for unsupported versions of Windows are available only for Microsoft customers on an expensive extended support contract.

Microsoft also used the malware as an opportunity to plug Microsoft Edge, its semifunctional non-browser that's good for maximizing battery life and not much else.