Microsoft includes Windows XP in its June Patch Tuesday releases

June 14, 2017 // 11:40 a.m.

Tags: #adrienne-hall #exploit #insecurity #malware #microsoft #national-security-agency #nsa #patch-tuesday #ransomware #security #wannacry #windows-xp

Microsoft has released its June Patch Tuesday updates on-schedule, and with them yet another security fix for Windows XP - the operating system that just won't die.

Windows XP was initially scheduled to enter End of Life (EOL) status in 2008, seven years after its launch, and while April 2008's Service Pack 3 was the last official update bundle, its popularity led to several stays of execution through to 2014 - a whopping 13 years after its original release - as Microsoft addressed ongoing security issues threatening corporate customers who had not yet made the leap to the operating system's successors. Even then, a post-EOL security patch in 2014 reset the clock, and the WannaCry ransomware, also known as WCrypt or WannaCrypt, again forced Microsoft's hand into releasing a Windows XP update, now 16 years past its launch and nine years past its original retirement date.

While the Windows XP patch for the WannaCry malware was positioned as an unusual response to an unusual attack, relying as it did on exploits collected by and subsequently leaked from the US National Security Agency (NSA), Microsoft has once again reset the clock on the OS that just won't die with yet another post-EOL security patch. 'In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyber attacks by government organisations, sometimes referred to as nation-state actors, or other copycat organisations,' explained Microsoft's Adrienne Hall in a blog post following last night's Patch Tuesday releases. 'To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available to all customers, including those using older versions of Windows.

'Due to the elevated risk for destructive cyber attacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt. It is important to note that if you’re running a supported version of Windows, such as Windows 10 or Windows 8.1, and you have Windows Update enabled, you don’t need to take any action. As always, we recommend customers upgrade to the latest platforms. The best protection is to be on a modern, up-to-date system that incorporates the latest innovations. Older systems, even if fully up-to-date, lack the latest security features and advancements.
'

In addition to the fixes for a WannaCry-style malware apparently currently exploiting systems in-the-wild, this month's Patch Tuesday release includes security updates for the company's Office products, various Windows releases, the Silverlight platform, Adobe Flash Player, Internet Explorer 11, and Microsoft Edge.

WEEK IN REVIEW

TOP STORIES

SUGGESTED FOR YOU