Microsoft Releases Windows XP Updates to Address WannaCry Campaigns

Microsoft has released emergency Windows XP updates to tackle exploitation of the Windows Server Message Block (SMB) vulnerability used to infect computers globally with ransomware on May 12, 2017.

The move came as a shock, as the operating system is no longer supported. Extended support ended on April 8, 2014. Yesterday saw additional Microsoft Windows XP updates made available. The patches prevent more flaws in the operating system from being exploited by hackers in WannaCry ransomware-style attacks.

Microsoft’s Cyber Defense Operations Center head, Adrienne Hall, commented, “Due to the elevated risk for destructive cyber-attacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt.”

In total, nearly 100 flaws were patched this Patch Tuesday, including 18 critical flaws that can be remotely exploited by cybercriminals to take full control of vulnerable systems. In some instances, as was the case with the WannaCry ransomware attacks, no user interaction is required for the flaws to be exploited.

Some security specialists have criticized Microsoft for issuing yet more Windows XP updates, arguing that this sends a message to users of outdated operating systems that it is OK not to upgrade the OS. Windows XP has many unpatched flaws, but the recent Windows XP updates indicate that if a particularly serious vulnerability is identified that is being actively exploited, patches will be released.

While Microsoft Windows XP updates have been made available, this should not be taken as representing a change in Microsoft’s standard servicing policies. More patches may not be released for unsupported Windows versions, so organizations should not delay upgrading their OS. Microsoft’s general manager of its Security Response Center, Eric Doerr, stated, “The best protection is to be on a modern, up-to-date system that incorporates the latest defense-in-depth innovations. Older systems, even if fully up-to-date, lack the latest security features and advancements.”

Overall, there were 95 updates released this Patch Tuesday. Like CVE-2017-8543, a LNK remote code execution vulnerability (CVE-2017-8464) is also being exploited in the wild.

The latest round of updates also comes with a patch for a serious flaw in Microsoft Outlook (CVE-2017-8507). Typically, exploiting such vulnerabilities requires an end user to open a specially crafted email attachment. However, if an attacker were to send a specially crafted message to an Outlook user, simply viewing the message would allow the attacker to take full control of the machine.

Adobe has also released a range of updates to address 21 vulnerabilities spread across four products (Flash, Shockwave Player, Captivate and Adobe Digital Editions). 15 of those flaws have been labelled as critical and would allow remote code execution.

As the WannaCry ransomware attacks clearly indicated, the failure to apply patches promptly leaves the door wide open to hackers.



Posted by

Elizabeth Hernandez

Elizabeth Hernandez is a news writer on Defensorum. Elizabeth is an experienced journalist who has worked on many publications for several years. Elizabeth writes about compliance and the related areas of IT security breaches. Elizabeth has a focus on data privacy and secure handling of personal information. Elizabeth has a postgraduate degree in journalism. Elizabeth Hernandez is the editor of HIPAAZone.