Microsoft issues patches for unsupported Windows version again; tells users ‘don’t get used to it’

To protect customers against the fast-spreading WannaCry contagion in May, Microsoft broke tradition and released express security patches for unsupported versions of its Windows operating system. This month, Microsoft repeats the move amid increasing fears of government-sponsored attacks.

Bad actors could remotely exploit 27 of the 94 individual vulnerabilities patched in this week’s update in a similar manner to the WannaCrypt/WannaCry contagion. Microsoft was quick to clarify in an FAQ that the WannaCry malware is now fully addressed on machines patched with last month’s security update.

“To address this [new] risk, today we are providing additional security updates along with our regular Update Tuesday service,” said Adrienne Hall, General Manager at Microsoft’s Cyber Defense Operations Center, on the official blog for all matters Windows.

“These security updates are being made available to all customers, including those using older versions of Windows,” Hall said. “Due to the elevated risk for destructive cyber attacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt.”

Hall clearly suggests that these two months have been major exceptions to Microsoft’s internal rules, and urges users to upgrade to the newest Windows versions, noting that “the best protection is to be on a modern, up-to-date system that incorporates the latest innovations.”

The Redmond, Washington-based software maker expressly states in security advisory 4025685 that the decision to release security updates for these outdated platforms “should not be interpreted as a change in policy.”

“Customers are encouraged to upgrade to a supported platform,” it adds.

Windows XP and Windows 8 users must manually fetch their patches from Microsoft’s website. In the security bulletin, customers with outdated OSes are offered instructions to manually download applicable security updates.

A noteworthy flaw patched in this week’s update is CVE-2017-8543, which resides in the Server Message Block (SMB) service. Left unpatched, SMB vulnerabilities are hazardous to both end users and corporate networks, as they can allow the spread of “wormable” malware like the WannaCrypt ransomware. Last month, that wormlike spread infected more than 300,000 endpoints worldwide and, most notably, temporarily shut down more than a dozen UK hospitals.

Microsoft’s telemetry indicates that the newer SMB flaw is already being exploited in the wild on Windows versions 7, 8.1, and 10, as well as Server editions 2008, 2012 and 2016, which makes it all the more imperative to apply this week’s patches.

About the author

Filip TRUTA

Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware, and security, and has worked in various B2B and B2C marketing roles. He likes fishing (not phishing), basketball, and playing around in FL Studio.

4 Comments


  • I still have Windows XP 32 Bit. How do I upgrade and to which Windows, 7, 8, or 10????? Seems like the 10 will not come in, says it is not compatible. I'm trying to upgrade to make it compatible?

    I have a Bitdefender antivirus protection I paid for & I still have 115 days left, and it does not work as it is not compatible with this Windows, even though before I paid for this Bitdefender last fall they said it was OK, but obviously it is not. I have a virus I can't seem to get rid of, every day the last 2 weeks.

    I still have Google Chrome as well, but I would like to upgrade Windows & free would be nice, I'm not a walking lottery ticket.
    Thanks.