Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Warns of 'Destructive Cyberattacks', Issues New Windows XP Patches (zdnet.com)

Posted by msmash on from the security-woes dept.

Ed Bott, reporting for ZDNet: Citing an "elevated risk for destructive cyberattacks," Microsoft today released an assortment of security updates designed to block attacks similar to those responsible for the devastating WannaCry/WannaCrypt ransomware outbreak last month. Today's critical security updates are in addition to the normal Patch Tuesday releases, Microsoft said. They'll be delivered automatically through Windows Update to devices running supported versions, including Windows 10, Windows 8.1, Windows 7, and post-2008 Windows Server releases. But in an unprecedented move, Microsoft announced that it was also making the patches available simultaneously for manual download and installation on unsupported versions, including Windows XP and Windows Server 2003. The new updates can be found in the Microsoft Download Center or, alternatively, in the Update Catalog.

42 of 76 comments (clear)

  1. C'mon, editors! by __aaclcg7560 · · Score: 1

    [...] from the job-security-for-non-microsoft-it-workers dept

    FTFY

    1. Re:C'mon, editors! by chispito · · Score: 5, Funny

      [...] from the job-security-for-non-microsoft-it-workers dept

      FTFY

      You have it backwards. Who is going to apply these patches? Who is going to help businesses migrate off of old, unsupported versions of Windows (onto newer versions of Windows--let's be real here)?

      Answer: Not non-Microsoft-IT-workers.

      But don't worry, there is plenty of work for all, when you consider all of the upatched OpenSSL, ImageMagick and SAMBA out there. Or, you know, WordPress.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    2. Re:C'mon, editors! by chispito · · Score: 1

      SCCM is the MS equivalent of what you are describing. It does a lot more, but it is commonly used for patching.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
  2. Link to XP patches? by Anonymous Coward · · Score: 1

    It would be nice if either TFA actually linked to the patches.

    1. Re:Link to XP patches? by b0bby · · Score: 1

      ZDnet links here:

      https://portal.msrc.microsoft....

      There are 4 pages of patches so I assume XP is on one of them.

    2. Re:Link to XP patches? by Anonymous Coward · · Score: 4, Informative

      https://www.catalog.update.microsoft.com/Search.aspx?q=KB4024323

      It would be nice if there was a link to the "supported" patches too, or they used the same damn KB number ...

    3. Re:Link to XP patches? by b0bby · · Score: 2

      My assumption appears to be wrong, I can't find any XP patches on that page.

    4. Re:Link to XP patches? by Spy+Handler · · Score: 1

      You assume wrong. Nothing for XP in any of the 4 pages.

    5. Re:Link to XP patches? by perpenso · · Score: 1

      It would be nice if either TFA actually linked to the patches.

      It would also be nice if MS would make available for download that final Win XP service pack.

      Seriously, final service packs for obsolete/unsupported versions of Windows have to be removed from the download site?

    6. Re:Link to XP patches? by thomst · · Score: 1

      I've NEVER said this about an AC post before, but MOD PARENT +1 INFORMATIVE!

      --
      Check out my novel.
    7. Re:Link to XP patches? by Anonymous Coward · · Score: 2, Informative

      This full list of patches from this month that have something for XP appears to be:
      This KB3197835
      and this KB4012583
      and this KB4018271
      and this KB4018466
      and this KB4019204
      and this KB4022747
      and this KB4024323
      and this KB4024402
      and this KB4025218

    8. Re:Link to XP patches? by Darinbob · · Score: 1

      This comes from quoting a zdnet article rather than going to the source. Slashdot is all about making sure the reader has to do lots of research until the real story is discovered. But if you go to the microsoft pages the information can be uncovered.

    9. Re:Link to XP patches? by Anonymous Coward · · Score: 2, Informative

      That is just one of the XP patches. They are all here, along with Win 8 and S2003

      https://support.microsoft.com/en-us/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms

    10. Re:Link to XP patches? by stooo · · Score: 1

      Here's a link to a better patch:
      https://linuxmint.com/

      --
      aaaaaaa
    11. Re:Link to XP patches? by Opportunist · · Score: 1

      The question that is required here is why you still run XP.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    12. Re:Link to XP patches? by perpenso · · Score: 1

      The question that is required here is why you still run XP.

      I have a virtual machine for testing purposes in case someone paying the bills say they want the software I'm writing to work on XP. The virtual machine needs the final service pack to install its tools (drivers, management).

  3. If by unprecedented you mean last month, then no. by Anonymous Coward · · Score: 1

    Seriously ... they literally set the precedent exactly a month ago.

  4. Re:If by unprecedented you mean last month, then n by Spy+Handler · · Score: 1

    and before that, the conficker manual patch for XP.

    But I guess you could say it's "unprecedented" since the beginning of this month...

  5. Re:WHAT XP UPDATES??? by WillAffleckUW · · Score: 1

    There are no XP updates this month. What the hell is this guy talking about?

    None for Win 7 either. Somebody messed up bad.

    --
    -- Tigger warning: This post may contain tiggers! --
  6. ... but what other "features"? by Lead+Butthead · · Score: 2

    Does it add any new telemetry tracking... ahm, "features" to those "obsolete" products?

    --
    ELOI, ELOI, LAMA SABACHTHANI!?
  7. Re:Great news! by mfh · · Score: 1

    Now, they can shift the blame to people who don't patch.

    Depends on why someone is running XP. If it's for business and software relies on that os for some reason, that's one major case. Another is the case of older folks who don't know much about computers so they are running the same thing they have ran since they bought the machine. Maybe they never ran an update?

    True story. I got a call from my ex about her father's computer and I'm a nice person so I head over to his place because he "can't get the interenet". Show up and he has 1200+ unknown processes running and the mouse is lagging horribly due to the lack of RAM available.

    I tried not to laugh but he had some malware and this malware was in a battle against some other malware. A malware battle royal was taking place on his system. Worms were strangling one another.

    He was running Vista. I said plainly that the computer was salvageable but unless he had the original disks it would probably be more expensive to get a new OS installed than to buy a new computer at that point.

    So I told him I had a couple hours to burn and would gladly help him buy a new one.

    By the time I was done he was on a rocketship compared to that boat-anchor system. I patched his system, got him all the software and ran ccleaner for him plus installed malwarebytes. He was overjoyed.

    A WEEK LATER, I get a call that he can't get on the internet. I show up and he had his old system connected to the router. I guess he thought it was needed to go in THAT port and not his new computer??? IDK but these older users always give me a good chuckle but I def try to help whenever possible. :)

    --
    The dangers of knowledge trigger emotional distress in human beings.
  8. Get the Patches by ntsucks · · Score: 1

    TL;DR

    http://www.catalog.update.micr...

    --
    Those who can do. Those who can't sue.
    1. Re:Get the Patches by Thelasko · · Score: 1

      TL;DR

      http://www.catalog.update.micr...

      Someone finally found it!

      --
      One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
    2. Re:Get the Patches by gustygolf · · Score: 1

      Correct URL: https://support.microsoft.com/...

      A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

      To exploit this vulnerability, an attacker would need to run a specially crafted application against an RPC server which has Routing and Remote Access enabled. Routing and Remote Access is a non-default configuration; systems without it enabled are not vulnerable.

      The security update addresses the vulnerability by correcting how the Routing and Remote Access service handles requests.

      Emphasis mine. Frankly, it doesn't seem very critical for us desktop users.

      According to this page, only XP and 2003 Server are affected. Vista and newer aren't.

      --
      "Slow Down Cowboy! It's been 58 minutes since you last successfully posted a comment" -- slashdot, driving users away.
  9. Re:If by unprecedented you mean last month, then n by Kjella · · Score: 4, Informative

    I read 'unprecedented' as 'unusual

    Except unprecedented is much stronger, it very explicitly means that it's never, ever happened before. If you can point to even a single previous instance, then it's by definition wrong to use it. And since Microsoft recently did release a patch for an EOL product, using it now is plain wrong. Nice by Microsoft, but still wrong. It also makes me wonder how well a "ten more years of security patches" upgrade for Win7 would sell...

    adjective
    1. without previous instance; never before known or experienced; unexampled or unparalleled:

    --
    Live today, because you never know what tomorrow brings
  10. Re:WHAT XP UPDATES??? by campuscodi · · Score: 2

    Source: https://blogs.windows.com/wind...

  11. more of the same by weedjams · · Score: 1

    http://i.imgur.com/umG2mN7.png

  12. Re:If by unprecedented you mean last month, then n by WheezyJoe · · Score: 4, Interesting

    Yep. Reported right here, one month ago.

    and it's not the desktops you should be worried about. It's the ATM's, cash registers, medical/hospital machines, metro/subway kiosks, traffic-light controllers, maybe even devices used by Army field personnel or on Navy ships and submarines (horrors...), uncounted masses of machines in use every day that you'd never guess are running Windows XP with no viable means of upgrading short of scrapping them entirely. XP lived long enough to become the go-to OS for way too much stuff.

    --
    Take it easy, Charlie, I've got an Angle...
  13. Liability by Kergan · · Score: 1

    What might be MS's liability if old time XP users sue owing to security issues that don't get patched?

    1. Re:Liability by James+Carnley · · Score: 5, Insightful

      Zero. XP is unsupported and there is no reasonable assumption that it is secure.

    2. Re:Liability by Opportunist · · Score: 1

      I'm still surprised this holds any water in court. Imagine car manufacturers trying to get away with bullshit like that.

      "You get this car as-is. If you lose a wheel and kill yourself or a few dozen bystanders, it ain't our fault, no matter whether it actually is due to shoddy manufacturing or poor engineering. We'll fix your car (provided that it first fell apart due to our gross negligence and not your fault), but only for the next 5 years. Any fault you find after that you have to live with, because we won't fix it and you ain't allowed to!"

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:Liability by Opportunist · · Score: 1

      POS is a very apt description of those boxes...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  14. Microsoft's search sucks by Anonymous Coward · · Score: 1

    If you search for "windows XP", the last patch was released in 2014:

    https://www.catalog.update.mic...

    If you search for "windows XP sp3", then you can find the last patches that were just released:

    https://www.catalog.update.mic...

  15. Re:You Had One Job - Links Please by weedjams · · Score: 1
    the latest one: http://www.catalog.update.microsoft.com/Search.aspx?q=4025218

    sort by date: http://www.catalog.update.microsoft.com/Search.aspx?q=Security+Update+for+Windows+XP+SP3

  16. Re:WHAT XP UPDATES??? by redmid17 · · Score: 3, Informative

    You guys?

    https://support.microsoft.com/...

  17. Re:If by unprecedented you mean last month, then n by thegreatbob · · Score: 1

    Pedantic, the best kind of correct?

    Technically, yes.

    --
    There is no XUL, only WebExtensions...
  18. What about an update-roll up for vista xp 7 08r2? by Joe_Dragon · · Score: 1

    What about an update-roll up for vista / xp / 7 / 08r2?

    It does not need to be an full on SP but just something that is one exe. Vista is very painful to get on the update train after an clean install. 7 is better but an sp3 that is just an update roll up of sp2 is nice to have.

    XP for the most part works with the 3rd party sp4 but that will needed a bit of windows update after installing.

  19. Re:You Had One Job - Links Please by stooo · · Score: 1

    There's a better patch for that :
    https://linuxmint.com/
    BTW, You don't need a KB number.

    --
    aaaaaaa
  20. If only there was a patch for IT Dept mentality by LANjackal · · Score: 1

    Can't wait for IT departments to not install these patches and then 1) Blame MS when they're hacked 2) Scream bloody murder at Microsoft's attempt to enable automatic updates.

  21. Re:If by unprecedented you mean last month, then n by arglebargle_xiv · · Score: 1

    They'll be delivered automatically through Windows Update to devices running supported versions.

    And if you're in the select few, you'll end up in a bluescreen-reboot loop after the updates. So you'll get your "Destructive Cyberattack" courtesy of Microsoft rather than the malware authors. And if you're unlucky enough to be on Win10, there's almost no way to block it.

  22. Re:WHAT XP UPDATES??? by Anonymous Coward · · Score: 1

    it's a trap. They're gonna implant telemetry on devices that didn't support it. They wanna reach the last pitiful win user.

  23. Re:What about an update-roll up for vista xp 7 08r by Neo-Rio-101 · · Score: 1

    Or, you know, the black edition Windows XP off Pirate Bay that's been modified with all the patches up to 2015 and access to the POS patches as well.

    --
    READY.
    PRINT ""+-0