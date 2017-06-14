Microsoft has released its June Patch Tuesday updates on-schedule, and with them yet another security fix for Windows XP - the operating system that just won't die.
Windows XP was initially scheduled to enter End of Life (EOL) status in 2008, seven years after its launch, and while April 2008's Service Pack 3 was the last official update bundle, its popularity led to several stays of execution through to 2014 - a whopping 13 years after its original release - as Microsoft addressed ongoing security issues threatening corporate customers who had not yet made the leap to the operating system's successors. Even then, a post-EOL security patch in 2014
reset the clock, and the WannaCry ransomware, also known as WCrypt or WannaCrypt,
again forced Microsoft's hand into releasing a Windows XP update, now 16 years past its launch and nine years past its original retirement date.
While the Windows XP patch for the WannaCry malware was positioned as an unusual response to an unusual attack, relying as it did on exploits collected by and subsequently leaked from the US National Security Agency (NSA), Microsoft has once again reset the clock on the OS that just won't die with yet another post-EOL security patch. 'In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyber attacks by government organisations, sometimes referred to as nation-state actors, or other copycat organisations,
following last night's Patch Tuesday releases. 'To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available to all customers, including those using older versions of Windows.
'Due to the elevated risk for destructive cyber attacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt. It is important to note that if you’re running a supported version of Windows, such as Windows 10 or Windows 8.1, and you have Windows Update enabled, you don’t need to take any action. As always, we recommend customers upgrade to the latest platforms. The best protection is to be on a modern, up-to-date system that incorporates the latest innovations. Older systems, even if fully up-to-date, lack the latest security features and advancements.
In addition to the fixes for a WannaCry-style malware apparently currently exploiting systems in-the-wild, this month's Patch Tuesday release includes security updates for the company's Office products, various Windows releases, the Silverlight platform, Adobe Flash Player, Internet Explorer 11, and Microsoft Edge.
It's also good to know the NSA and GCHQ are working tirelessly to defend us from cyber attack.
The idea of not having to buy a new OS every couple of years sounds more and more appealing, and MacOS kinda does the same since they first released OSX and nowadays MacOS is even for free.
Anyways, WinXP was a damn good OS and it's no wonder alot of people are still using it, especially in the business-community where this OS is still used for POS or manufacturing and can't be upgraded due to compatibility-issues.
Just installed the WannaCry-ones and the "auto-update" didn't find it (or anything else) , had to download and install it manually.
I like Arch, but it goes nowhere near any of my production systems (which are either CentOS, Debian or Ubuntu Server depending on a) age of hardware and b) purpose of the machine because in about four years of using Arch, I've had updates break something to the point where I'm swearing at it still after two days... oh, probably once a quarter. Maybe I'm just (un)lucky? The only times I've had anything go amazingly awry with CentOS/Debian was CUDA related.
I like(d) XP (I've even still got a couple of VMs of it for some programs that just won't play ball any other way) but after the VM is installed and SP3 on, that VM never sees the internet again. I'd never willingly run XP on a production system now.
I'd really like Microsoft to just say, "That's it, no more. We've given you lots of chances, if you haven't taken them, tough."
...but I doubt they will, for all sorts of reasons. Just imagine if Apple or Google did that... oh, wait, they do... with way shorter notice, as well.
Also, on Arch you can easily roll-back updates, given that you can boot and access the terminal.
As for the lazy people not wanting to update... There's whole machine-parks still running on XP as they can't update their software, as they use tailormade sofware that only works on that specific OS. They're usually not connected to the internet however and therefore not prone to getting hacked or infected.
I don't see that Microsoft will use the rolling release model from here on with Win10. I'd actually expect them to release a new OS in 2020 instead of doing incremental updates to Win10 for the next 10-20 years that don't cost the enduser anything in addition. Or they'll turn Windows into a subscription-based OS like Office.