Microsoft Warns of 'Destructive Cyberattacks', Issues New Windows XP Patches

Ed Bott, reporting for ZDNet: Citing an "elevated risk for destructive cyberattacks," Microsoft today released an assortment of security updates designed to block attacks similar to those responsible for the devastating WannaCry/WannaCrypt ransomware outbreak last month. Today's critical security updates are in addition to the normal Patch Tuesday releases, Microsoft said. They'll be delivered automatically through Windows Update to devices running supported versions, including Windows 10, Windows 8.1, Windows 7, and post-2008 Windows Server releases. But in an unprecedented move, Microsoft announced that it was also making the patches available simultaneously for manual download and installation on unsupported versions, including Windows XP and Windows Server 2003. The new updates can be found in the Microsoft Download Center or, alternatively, in the Update Catalog.

C'mon, editors!

[__aaclcg7560]

[...] from the job-security-for-non-microsoft-it-workers dept

FTFY

Re:C'mon, editors!

[chispito]

[...] from the job-security-for-non-microsoft-it-workers dept

FTFY

You have it backwards. Who is going to apply these patches? Who is going to help businesses migrate off of old, unsupported versions of Windows (onto newer versions of Windows--let's be real here)?

Answer: Not non-Microsoft-IT-workers.

But don't worry, there is plenty of work for all, when you consider all of the upatched OpenSSL, ImageMagick and SAMBA out there. Or, you know, WordPress.

Re:C'mon, editors!

[...] from the job-security-for-non-microsoft-it-workers dept

FTFY

You have it backwards. Who is going to apply these patches? Who is going to help businesses migrate off of old, unsupported versions of Windows (onto newer versions of Windows--let's be real here)? Answer: Not non-Microsoft-IT-workers. But don't worry, there is plenty of work for all, when you consider all of the upatched OpenSSL, ImageMagick and SAMBA out there. Or, you know, WordPress.

None of my networks. But that's because patching 1,000 systems at a time is pretty easy when you have puppet, salt, or clusterssh. Unfortunately Windows doesn't support that crap. Just 'approve' an update in WSUS and hope the system installs it at some point. Maybe you'll get a generic and unintuitive 'failed' message back.

Re:C'mon, editors!

I run Wordpress and I've never been Ha-fuuuuuuuuck

Re:C'mon, editors!

Does WSUS even support Windows 2003 and XP any more? I thought that got dropped in the upgrade from WSUS 3.x to 4 .x (which was required to support Windows 10 and later).

Re:C'mon, editors!

[chispito]

SCCM is the MS equivalent of what you are describing. It does a lot more, but it is commonly used for patching.

Re: C'mon, editors!

Generally I don't like you. But you're right on that one.

Re: C'mon, editors!

And yet I still manage to point out to our sccm admin machines that are missing key patches (as discovered by a nessus scan)

External experts seem to think we do stuff right (in sccm) so i guess its just a bit flakey or somethin.

WHAT XP UPDATES???

There are no XP updates this month. What the hell is this guy talking about?

Re:WHAT XP UPDATES???

[WillAffleckUW]

There are no XP updates this month. What the hell is this guy talking about?

None for Win 7 either. Somebody messed up bad.

Re:WHAT XP UPDATES???

[campuscodi]

Source: https://blogs.windows.com/wind...

Re:WHAT XP UPDATES???

[redmid17]

You guys?

https://support.microsoft.com/...

Re:WHAT XP UPDATES???

it's a trap. They're gonna implant telemetry on devices that didn't support it. They wanna reach the last pitiful win user.

Link to XP patches?

It would be nice if either TFA actually linked to the patches.

Re:Link to XP patches?

[b0bby]

ZDnet links here:

https://portal.msrc.microsoft....

There are 4 pages of patches so I assume XP is on one of them.

Re:Link to XP patches?

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4024323

It would be nice if there was a link to the "supported" patches too, or they used the same damn KB number ...

Re:Link to XP patches?

[b0bby]

My assumption appears to be wrong, I can't find any XP patches on that page.

Re:Link to XP patches?

[Spy+Handler]

You assume wrong. Nothing for XP in any of the 4 pages.

Re:Link to XP patches?

[perpenso]

It would be nice if either TFA actually linked to the patches.

It would also be nice if MS would make available for download that final Win XP service pack.

Seriously, final service packs for obsolete/unsupported versions of Windows have to be removed from the download site?

Re:Link to XP patches?

[thomst]

I've NEVER said this about an AC post before, but MOD PARENT +1 INFORMATIVE!

Re:Link to XP patches?

Was there another SP after SP3?

Right now, I have SP3 and a folder with something like 80+ extra patches.that came after.

Re:Link to XP patches?

This full list of patches from this month that have something for XP appears to be:
This KB3197835
and this KB4012583
and this KB4018271
and this KB4018466
and this KB4019204
and this KB4022747
and this KB4024323
and this KB4024402
and this KB4025218

Re:Link to XP patches?

[Darinbob]

This comes from quoting a zdnet article rather than going to the source. Slashdot is all about making sure the reader has to do lots of research until the real story is discovered. But if you go to the microsoft pages the information can be uncovered.

Re:Link to XP patches?

That is just one of the XP patches. They are all here, along with Win 8 and S2003

https://support.microsoft.com/en-us/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms

Re:Link to XP patches?

[stooo]

Here's a link to a better patch:
https://linuxmint.com/

Re:Link to XP patches?

[Opportunist]

The question that is required here is why you still run XP.

Re:Link to XP patches?

[perpenso]

The question that is required here is why you still run XP.

I have a virtual machine for testing purposes in case someone paying the bills say they want the software I'm writing to work on XP. The virtual machine needs the final service pack to install its tools (drivers, management).

If by unprecedented you mean last month, then no.

Seriously ... they literally set the precedent exactly a month ago.

Great news!

This is great news for the people. Companies of all stripes are going to see that you can't walk away from your products and expect your brand to survive.

Microsoft knows they will suffer the brand damage if they don't release patches they never stopped producing. Now, they can shift the blame to people who don't patch.

Re:Great news!

[mfh]

Now, they can shift the blame to people who don't patch.

Depends on why someone is running XP. If it's for business and software relies on that os for some reason, that's one major case. Another is the case of older folks who don't know much about computers so they are running the same thing they have ran since they bought the machine. Maybe they never ran an update?

True story. I got a call from my ex about her father's computer and I'm a nice person so I head over to his place because he "can't get the interenet". Show up and he has 1200+ unknown processes running and the mouse is lagging horribly due to the lack of RAM available.

I tried not to laugh but he had some malware and this malware was in a battle against some other malware. A malware battle royal was taking place on his system. Worms were strangling one another.

He was running Vista. I said plainly that the computer was salvageable but unless he had the original disks it would probably be more expensive to get a new OS installed than to buy a new computer at that point.

So I told him I had a couple hours to burn and would gladly help him buy a new one.

By the time I was done he was on a rocketship compared to that boat-anchor system. I patched his system, got him all the software and ran ccleaner for him plus installed malwarebytes. He was overjoyed.

A WEEK LATER, I get a call that he can't get on the internet. I show up and he had his old system connected to the router. I guess he thought it was needed to go in THAT port and not his new computer??? IDK but these older users always give me a good chuckle but I def try to help whenever possible. :)

Re:If by unprecedented you mean last month, then n

[Spy+Handler]

and before that, the conficker manual patch for XP.

But I guess you could say it's "unprecedented" since the beginning of this month...

Re:If by unprecedented you mean last month, then n

[sinij]

I read 'unprecedented' as 'unusual, since releasing security patches for a product that was long past EOL is unusual. Not many organizations willing to do that and MS should be commended.

... but what other "features"?

[Lead+Butthead]

Does it add any new telemetry tracking... ahm, "features" to those "obsolete" products?

Re:... but what other "features"?

Like the NSA code added to android for 'security'.. Dynamic loading of remote content to check for 'unknown/new security threats'.. IE: backdoor, in their case that is..

Re:... but what other "features"?

Does it add any new telemetry tracking... ahm, "features" to those "obsolete" products?

Of course! This is the very reason for the patch.

Re:If by unprecedented you mean last month, then n

XP, the zombie OS that just keeps on going. It is well into its after life now, which according to most religious scriptures lasts forever.

Get the Patches

[ntsucks]

TL;DR

http://www.catalog.update.micr...

Re:Get the Patches

[Thelasko]

TL;DR

http://www.catalog.update.micr...

Someone finally found it!

Re:Get the Patches

That's last month's upgrade

Re:Get the Patches

Nope, that's last month's update.

Re:Get the Patches

[gustygolf]

Correct URL: https://support.microsoft.com/...

A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to run a specially crafted application against an RPC server which has Routing and Remote Access enabled. Routing and Remote Access is a non-default configuration; systems without it enabled are not vulnerable.

The security update addresses the vulnerability by correcting how the Routing and Remote Access service handles requests.

Emphasis mine. Frankly, it doesn't seem very critical for us desktop users.

According to this page, only XP and 2003 Server are affected. Vista and newer aren't.

Doesn't help me

All Windows 7 updates have failed on my machine since August last year, and I've tried everything possible to fix the problem, including all Microsoft troubleshooting tools. Every update gets rolled back. It's ridiculous.

Re: Doesn't help me

Same here. Getting Windows updates on 7 requires you to surf the MS KB and manually download and run the patches.

Re:If by unprecedented you mean last month, then n

[Kjella]

I read 'unprecedented' as 'unusual

Except unprecedented is much stronger, it very explicitly means that it's never, ever happened before. If you can point to even a single previous instance, then it's by definition wrong to use it. And since Microsoft recently did release a patch for an EOL product, using it now is plain wrong. Nice by Microsoft, but still wrong. It also makes me wonder how well a "ten more years of security patches" upgrade for Win7 would sell...

adjective
1. without previous instance; never before known or experienced; unexampled or unparalleled:

more of the same

[weedjams]

http://i.imgur.com/umG2mN7.png

Re:If by unprecedented you mean last month, then n

[WheezyJoe]

Yep. Reported right here, one month ago.

and it's not the desktops you should be worried about. It's the ATM's, cash registers, medical/hospital machines, metro/subway kiosks, traffic-light controllers, maybe even devices used by Army field personnel or on Navy ships and submarines (horrors...), uncounted masses of machines in use every day that you'd never guess are running Windows XP with no viable means of upgrading short of scrapping them entirely. XP lived long enough to become the go-to OS for way too much stuff.

Re:If by unprecedented you mean last month, then n

[sinij]

I read 'unprecedented' as 'unusual

Except unprecedented is much stronger, it very explicitly means that it's never, ever happened before. If you can point to even a single previous instance, then it's by definition wrong to use it. And since Microsoft recently did release a patch for an EOL product, using it now is plain wrong. Nice by Microsoft, but still wrong. It also makes me wonder how well a "ten more years of security patches" upgrade for Win7 would sell...

adjective 1. without previous instance; never before known or experienced; unexampled or unparalleled:

Your point is both correct and pedantic.

You Had One Job - Links Please

How about some god damn links with specific KB numbers?
And not links posted a month ago.

Re:You Had One Job - Links Please

[weedjams]

the latest one: http://www.catalog.update.microsoft.com/Search.aspx?q=4025218

sort by date: http://www.catalog.update.microsoft.com/Search.aspx?q=Security+Update+for+Windows+XP+SP3

Re:You Had One Job - Links Please

[stooo]

There's a better patch for that :
https://linuxmint.com/
BTW, You don't need a KB number.

Liability

[Kergan]

What might be MS's liability if old time XP users sue owing to security issues that don't get patched?

Re:Liability

[James+Carnley]

Zero. XP is unsupported and there is no reasonable assumption that it is secure.

Re:Liability

If XP is unsupported then the copyright on it should vaporise? Are they still making money from XP in some way as to not be held accountable?

Re:Liability

Read the disclaimer on EULA: they are not to be held accountable, regardless of copyright.

Copyright for a work made for hire (and all commercial software belongs there) expires 120 years after the work was created, or 95 years after it was first published, whichever comes first. Essentially, first software for first electronic computers might legally enter public domain somewhere in 2030's and 2040's. 8-bit computer games and applications made by companies? Not until into 2070's. For all practical purposes, except history, copyright is forever.

Re:Liability

XP embedded (POS, WES9, etc...) are still supported and used. Some versions until 2019.

Re:Liability

[Opportunist]

I'm still surprised this holds any water in court. Imagine car manufacturers trying to get away with bullshit like that.

"You get this car as-is. If you lose a wheel and kill yourself or a few dozen bystanders, it ain't our fault, no matter whether it actually is due to shoddy manufacturing or poor engineering. We'll fix your car (provided that it first fell apart due to our gross negligence and not your fault), but only for the next 5 years. Any fault you find after that you have to live with, because we won't fix it and you ain't allowed to!"

Re:Liability

[Opportunist]

POS is a very apt description of those boxes...

Re:Liability

Why should the copyright expire? Do movies or books get updated after they are released?

I don't think the current copyright terms are reasonable, but I also hate bad arguments.

Re:Liability

Probably about the same as they would be with Windows 10.

There are specific clauses in the EULA that say they can't be held responsible for both.

don't trust them

these patches likely are backdoors.
use these to not get pwned they say, use these and defintiely get pwned, as these are from microNSAoft

Microsoft's search sucks

If you search for "windows XP", the last patch was released in 2014:

https://www.catalog.update.mic...

If you search for "windows XP sp3", then you can find the last patches that were just released:

https://www.catalog.update.mic...

Re:If by unprecedented you mean last month, then n

Pedantic, the best kind of correct?

Re:If by unprecedented you mean last month, then n

Neutral European here, not a fan of either side.

Good, then either side can kill you with a clear conscience.

Protip: There's no such thing as "neutral" in the real world. Other people's actions will force you to make a choice. Best to make it now when you have options besides death or a concentration camp.

I don't care. I only have a couple of windows machines left and will be changing OS going forward. I won't install anything from MS. They have totally lost any small amount of trust they may have ever had. I've gone as far as removing the update executables so patches can't even be downloaded and installed manually. I don't have anything worth anything on them anyway. No banking/financial or anything else except some old, obsolete games. I'll leave them directly connected to the 'net by high-speed fiber. Let the DDoSing, phishing, and cyberattacks roll!

Re:If by unprecedented you mean last month, then n

[thegreatbob]

Pedantic, the best kind of correct?

Technically, yes.

What about an update-roll up for vista xp 7 08r2?

[Joe_Dragon]

What about an update-roll up for vista / xp / 7 / 08r2?

It does not need to be an full on SP but just something that is one exe. Vista is very painful to get on the update train after an clean install. 7 is better but an sp3 that is just an update roll up of sp2 is nice to have.

XP for the most part works with the 3rd party sp4 but that will needed a bit of windows update after installing.

But but but...

Won't that undercut sales on Windows 10? If they don't punish people for the temerity of trying to use what they've already paid for, how will they ever get all the people who refused to "upgrade" to their latest re-release of the same warmed-over shit, over and over again?

Not for Windows 7

Here's the MS article...
https://support.microsoft.com/en-us/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms

Article ID: 4025687 - Last Review: Jun 13, 2017 - Revision: 13
Applies to:
Windows Vista Service Pack 2, Windows Vista Home Basic, Windows Vista Home Premium, Windows Vista Business, Windows Vista Ultimate, Windows Vista Enterprise, Windows Vista Starter, Microsoft Windows XP, Microsoft Windows XP Professional, Microsoft Windows XP Home Edition, Microsoft Windows Server 2003, Datacenter Edition (32-bit x86), Microsoft Windows Server 2003, Enterprise Edition (32-bit x86), Microsoft Windows Server 2003, Standard Edition (32-bit x86), Microsoft Windows Server 2003, Web Edition, Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86), Microsoft Windows Server 2003 R2 Enterprise x64 Edition, Microsoft Windows Server 2003 R2 Standard x64 Edition

Does NOT apply to:
Windows 7

Does that seem kind of weird to anyone?

Windows XP POSReady version is still supported

POSReady version of Windows XP is still supported by Microsoft. Of course they have patches. POSReady is no different from XP Professional internally. You can enable POSReady updates on your regular XP via a simple registry change.

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]

"Installed"=dword:00000001

Just booted my XP VM with this hack and sure enough it had the KB4024323 update.

Running XP (or any Windows) with SMB/NetBT/random-shit-microsoft-protocol listeners enabled is just dumb. All this can be disabled with simple registry hacks.

If only there was a patch for IT Dept mentality

[LANjackal]

Can't wait for IT departments to not install these patches and then 1) Blame MS when they're hacked 2) Scream bloody murder at Microsoft's attempt to enable automatic updates.

Re:If by unprecedented you mean last month, then n

[arglebargle_xiv]

They'll be delivered automatically through Windows Update to devices running supported versions.

And if you're in the select few, you'll end up in a bluescreen-reboot loop after the updates. So you'll get your "Destructive Cyberattack" courtesy of Microsoft rather than the malware authors. And if you're unlucky enough to be on Win10, there's almost no way to block it.

How does MS know attacks are coming?

...unless they are the attackers?

Re:What about an update-roll up for vista xp 7 08r

[Neo-Rio-101]

Or, you know, the black edition Windows XP off Pirate Bay that's been modified with all the patches up to 2015 and access to the POS patches as well.

Microsoft knew about WannaCry 6 months ago

Did you know that the patches recently issued to fix WannaCry were finalized and digitally signed 6 months ago?

Everything suggests NSA/CIA were behind WannaCry, to sample and investigate what kind of damage could be achieved and how they could use attacks like these against all other countries in the world. When they had the information they needed, they allowed Microsoft to send out the ready-made patches ASAP to minimize the damage.

Of course there was no company-wide memo sent down to everyone including the janitor and the ladies in the cafeteria. With these things, a combined comply-and-gag court order from the NSA was given to just a handful of people required to get the work done.

Makes you wonder exactly what the U.S. is up to.

XP patches unreachable on XP IE

In a case of footgun, Microsoft failed to provide reasonable access to the patches directly from XP/2003 because the damn page for the unsupported OS patches won't load in the IE version they have (even with the TLS crypto upgrade hotfix installed).

Which means you have to know the individual KB numbers and search/download from the update catalog site. Manually, for each damn KB. Of all the SSL exceptions approved by the CA/B Forum, a specific download site for old stuff from Microsoft for old browsers should have been obvious...

Will Microsoft f**k all of us again?

Have a new processor running windows 7? Need a security update? Microsoft says: "We hate our customers!" by adding a nice popup saying you have "Unsupported Hardware" every 3 minutes and no more updates!

Because we're Microsoft, we'll spy on you and screw you however we can.

Would love to trust this update, but Microsoft has become untrustworthy.