We continue to experience the side effects of WannaCry after its breakthrough in the computer landscape last month. This ransomware sowed panic among users and businesses around the world, spreading rapidly around the world.
Within these side effects we find a warning made by Microsoft, according to which there is a “high risk of destructive cyber attacks” as recorded in ebuddynews. In addition, this warning comes with an unprecedented move: the Redmond company will release security patches for Windows XP among other unsupported operating systems.
These latest security updates are added to the usual updates every Tuesday, as reported. They will be automatically released through Windows Update to machines running Windows 7, Windows 8.1 and Windows 10, as well as to Windows Server versions later than 2008.
As for the patches for systems not supported, they include those already mentioned of Windows XP and also patches for Windows Server 2003. These two systems, even though Microsoft no longer officially offers updates for them, are still used in a good number of businesses.
For those who want to update these systems Microsoft has published a guide that offers everything needed to take the operation out, including download links to security patches and much additional information.
High risk of attacks by governmental actors, among others
Adrienne Hall, general manager of Cyber Defense Operations Center of Microsoft, quoted in an article that there is a “high risk of cyber attacks by government organizations, sometimes referred to states or other imitation organizations.”
The same article notes that the updates are designed to offer “better protection against potential attacks with similar features to WannaCry”. At no point is it clear whether Microsoft has received any kind of warning about imminent attacks, even though seeing updates for Windows XP and Windows Server 2003 makes it seem like something serious.
In another article by Eric Doerr, general manager of the Microsoft Security Response Center, he pointed out that these critical security updates “target vulnerabilities that are at risk of exploitation due to past activity by government actors.”
Doerr also took the opportunity to warn users that they still use unsupported systems that there will be more patches like these in the future:
“Our decision to release these security updates for platforms that do not have extended support should not be understood as a change and direction of our standard service policies. Based on an assessment of the current threat landscape by our security engineers, we have made the decision to make updates more widely available. As always, we recommend our customers upgrade to the latest platforms. The best protection is to use a modern and up-to-date system that incorporates the latest innovations in cyber-defense. Older systems, even though they are fully up-to-date, do not have the latest features and advances in security.”
WannaCry and its side effects continue to war. It is good news that Microsoft has decided to get out (if only slightly) of its policies to cover unsupported systems. We will see for how long they maintain this attitude.