Microsoft Warns of 'Destructive Cyberattacks', Issues New Windows XP Patches

Ed Bott, reporting for ZDNet: Citing an "elevated risk for destructive cyberattacks," Microsoft today released an assortment of security updates designed to block attacks similar to those responsible for the devastating WannaCry/WannaCrypt ransomware outbreak last month. Today's critical security updates are in addition to the normal Patch Tuesday releases, Microsoft said. They'll be delivered automatically through Windows Update to devices running supported versions, including Windows 10, Windows 8.1, Windows 7, and post-2008 Windows Server releases. But in an unprecedented move, Microsoft announced that it was also making the patches available simultaneously for manual download and installation on unsupported versions, including Windows XP and Windows Server 2003. The new updates can be found in the Microsoft Download Center or, alternatively, in the Update Catalog.

Re:C'mon, editors!

[chispito]

[...] from the job-security-for-non-microsoft-it-workers dept

FTFY

You have it backwards. Who is going to apply these patches? Who is going to help businesses migrate off of old, unsupported versions of Windows (onto newer versions of Windows--let's be real here)?

Answer: Not non-Microsoft-IT-workers.

But don't worry, there is plenty of work for all, when you consider all of the upatched OpenSSL, ImageMagick and SAMBA out there. Or, you know, WordPress.

... but what other "features"?

[Lead+Butthead]

Does it add any new telemetry tracking... ahm, "features" to those "obsolete" products?

Re:Link to XP patches?

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4024323

It would be nice if there was a link to the "supported" patches too, or they used the same damn KB number ...

Re:Link to XP patches?

[b0bby]

My assumption appears to be wrong, I can't find any XP patches on that page.

Re:If by unprecedented you mean last month, then n

[Kjella]

I read 'unprecedented' as 'unusual

Except unprecedented is much stronger, it very explicitly means that it's never, ever happened before. If you can point to even a single previous instance, then it's by definition wrong to use it. And since Microsoft recently did release a patch for an EOL product, using it now is plain wrong. Nice by Microsoft, but still wrong. It also makes me wonder how well a "ten more years of security patches" upgrade for Win7 would sell...

adjective
1. without previous instance; never before known or experienced; unexampled or unparalleled:

Re:WHAT XP UPDATES???

[campuscodi]

Source: https://blogs.windows.com/wind...

Re:If by unprecedented you mean last month, then n

[WheezyJoe]

Yep. Reported right here, one month ago.

and it's not the desktops you should be worried about. It's the ATM's, cash registers, medical/hospital machines, metro/subway kiosks, traffic-light controllers, maybe even devices used by Army field personnel or on Navy ships and submarines (horrors...), uncounted masses of machines in use every day that you'd never guess are running Windows XP with no viable means of upgrading short of scrapping them entirely. XP lived long enough to become the go-to OS for way too much stuff.

Re:Liability

[James+Carnley]

Zero. XP is unsupported and there is no reasonable assumption that it is secure.

Re:WHAT XP UPDATES???

[redmid17]

You guys?

https://support.microsoft.com/...

Re:Link to XP patches?

This full list of patches from this month that have something for XP appears to be:
This KB3197835
and this KB4012583
and this KB4018271
and this KB4018466
and this KB4019204
and this KB4022747
and this KB4024323
and this KB4024402
and this KB4025218

Re:Link to XP patches?

That is just one of the XP patches. They are all here, along with Win 8 and S2003

https://support.microsoft.com/en-us/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms