Following the recent WannaCry ransomware attack that stemmed from a leak of NSA exploits, Microsoft took the unusual step of patching Windows XP to protect against the attack despite the fact that support for the operating system ended in 2014. Now, Microsoft is taking an unprecedented step to patch more vulnerabilities in Windows XP and other older, unsupported Windows releases as part of its regular Patch Tuesday updates.
The reason for the new patches is to combat an "elevated risk" of cyber attacks by nation-state actors, Microsoft says.
In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyber attacks by government organizations, sometimes referred to as nation-state actors or other copycat organizations. To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available to all customers, including those using older versions of Windows. Due to the elevated risk for destructive cyber attacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt.
Microsoft is quick to point out in a Technet post about the updates that this should not be interpreted as a departure from standard servicing policies.
It's unclear what information came to light to causee Microsoft to make this move, but it's highly likely the sensitive environment following the WannaCry scare is at least in part responsible. Machines that are still running XP should be updated with the latest patches found onWindows Update or the Download Center right away.
