
Microsoft releases new Windows XP security patches, warns of state-sponsored cyberattacks

An unprecedented move

Microsoft issued a “highly unusual” patch for Windows XP last month to help prevent the spread of the massive WannaCry malware. At least 75,000 computers in 99 countries were affected by the malware, which encrypts a computer and demands a $300 ransom before unlocking it. Microsoft stopped supporting Windows XP in April 2014, but the software giant is now taking the unprecedented move of including it in the company’s Patch Tuesday round of security updates today.

“In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyberattacks by government organizations, sometimes referred to as nation-state actors, or other copycat organizations,” says Adrienne Hall, general manager of crisis management at Microsoft. “To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available to all customers, including those using older versions of Windows.”

Microsoft warns of more WannaCry-like attacks

Microsoft says it is releasing updates for Windows XP, Windows Vista, and all other more recent unsupported and supported versions of Windows due to an “elevated risk” of attacks that are similar to the WannaCry malware. The patches will be made available on Microsoft’s Download Center or Windows Update. Microsoft says this move to release security updates for platforms not in extended support “should not be viewed as a departure from our standard servicing policies,” and that this is an exception based on intelligence that led it to believe government organizations may use these new vulnerabilities to attack Windows systems.

Microsoft isn’t explaining who or what has tipped the company off to these potential new attacks. March’s security patches included fixes for hacking tools that were leaked from the NSA, and Microsoft didn’t acknowledge the source of the security flaw reports then either. There has been speculation that The Shadow Brokers, a group that leaked the NSA exploits, tipped Microsoft off in advance about the previous exploits. Microsoft also mysteriously delayed its Patch Tuesday release in February by a month in an unprecedented move, blaming a “last minute issue.”

If you're still running Windows XP, these new patches should be installed immediately, even though Windows XP wasn't as badly affected by the first WannaCry attacks. While almost all WannaCry victims were running Windows 7 without the latest security updates, it's not clear if these new attacks might target Windows XP more aggressively this time around.