Microsoft issues security patches for Windows XP to combat elevated cyberattack risk

Following the recent WannaCry ransomware attack that stemmed from a leak of NSA exploits, Microsoft took the unusual step of patching Windows XP to protect against the attack despite the fact that support for the operating system ended in 2014. Now, Microsoft is taking an unprecedented step to patch more vulnerabilities in Windows XP and other older, unsupported Windows releases as part of its regular Patch Tuesday updates.

The reason for the new patches is to combat an "elevated risk" of cyber attacks by nation-state actors, Microsoft says.

In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyber attacks by government organizations, sometimes referred to as nation-state actors or other copycat organizations. To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available to all customers, including those using older versions of Windows. Due to the elevated risk for destructive cyber attacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt.

Microsoft is quick to point out in a TechNet post about the updates that this should not be interpreted as a departure from standard servicing policies.

It's unclear what information came to light to cause Microsoft to make this move, but it's highly likely the sensitive environment following the WannaCry scare is at least in part responsible. Machines that are still running XP should be updated with the latest patches found on Windows Update or the Download Center right away.

Dan Thorp-Lancaster is the Editor in Chief for Windows Central. He began working with Windows Central as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl. Got a hot tip? Send it to daniel.thorp-lancaster@futurenet.com.

43 Comments
  • But why?
  • Because there are plenty of very important systems that still have XP running. Granted it's on those people that are running XP, but Microsoft is doing the right thing, morally, by protecting the systems that still are vulnerable.
  • And people still **** on MS. Wow, such disrespect.
  • In addition to protecting the users, it protects everyone. Unprotected XP machines can be used in botnets, and other mass attacks.
  • It's more likely that those vulnerable systems are likely to be used as an attack vector for networks (create a bot network, DDOS, etc.)
  • Why not?
  • Because certain government agencies are still running on xp.
  • And have the cheek to blame (or divert blame) onto MS in the media - when they had years of notice, an extended service plan and STILL fail to act. Yes, looking at you Theresa May and Jeremy (C)Hunt.
  • Still running XP on one of my machines, best OS ever, PERIOD.
  • I'll give you it was one of the better editions of Windows. It had its problems in the beginning as well, like they all do.
  • Same problems as Vista as a matter of fact! Ironing
  • But why? It is so feature and security obsolete at this point that I can't think of a single practical reason for a consumer to be running such old software.
  • Because that's the best computer they can afford?
  • Wipe it and put Linux on it, for continued security updates.
  • Although that might be an option for a minority of people, Linux is still scary for the masses.  And the system requirements for a user-friendly version are just as bad as recent versions of Windows.
  • Despite some occasional lag, my dual core, Pentium D @ 2.8ghz, with 1gb Ram, 256mb GPU and 160gb HDD runs Ubuntu 16.04 pretty easily, and works fine as a Plex server. It's about as easy as windows to use (it basically looks like OSX) No excuse! >:3
  • It's not because of consumers, it's because of government and enterprise. If it were only consumers, MS wouldn't even bother.
  • Incorrect. We know exactly who our user base is, and the updates are to protect everyone.
  • I'll give you a major one for companies even though I doubt some people here will understand it. Some systems are running very expensive customized software which must interact with other hardware. We were running XP up until a few years ago at work. Now we are on 7 which the software that our machines are running on only began supporting without major bugs the year prior. The upgrade of 1 machine was around $100k as other components needed upgrading as well in order to work with the new software. This is without including downtime and loss of production during a week long upgrade process probably costing the company a million dollars in production. The upgrade doesn't result in more production. Just brings better support for a more up-to-date system. This is why companies put it off for as long as they can. Especially smaller companies like the one I work for.
  • It's crazy how some people are so arrogant that they think you're wrong or stupid because you're using the OS that makes you happy.
  • U kinda are if it's this old and unsecured
  • Hmm not judging but this can be two independent and correlated facts.... You CAN be happy AND stupid at the same time, those are not mutually exclusive...
  • What makes it the best OS ever?
  • Best security patch available? Upgrade to the current version of the OS.
  • Just let it die MS
  • I haven't used XP in a decade, it doesn't support newer hardware or software properly, might as well use windows 98 lol.
  • Wow.  I haven't seen it that way before, but you're right.  I moved from XP to Vista beta back when it came out in 2007.  Aside from test systems, when I needed every platform, I haven't actively been on XP since then.
  • Darn it, Russia! This is why we can't have nice things.
  • It's fashionable to blame Russia but these were NSA tools that were leaked.
  • Morally correct.
  • I can't do the update. Has anybody actually applied the update?
  • This is a great move by Microsoft.
  • I don't think Windows XP will ever die.
  • So why no patch for win95/98/NT4.0?
  • Thanks Microsoft. Indian banks will take relief
  • Ok perfect have been compared to a recent massive attack due to the influence of the hackers to undermine operating systems in decline, but why wait until now to create this patch of protection?, while XP and its multiple editions have been occupied in departments of Government and non-government agencies is because it lacks stable Internet connection...is no better time to create a new edition of XP with new Service Pack included?
  • ??? I don't get the low internet connection part as an explanation??
  • What? News about an update for the "zombie" Windows XP? You're slowposting, WC!
  • Microsoft should offer a limited free 'trade-up' program to Windows 10 from XP...the hardware should run it ok. Hopefully help the last few hold-outs on the ancient OS into the modern era.
  • Many older video cards aren't supported, including 7 machines. My Grandma has an emachine that came with 7 that is not upgradable to 10 because of the card.
  • I upgraded some old machines that were still kicking around from XP to 10, they never really see any use but I took advantage of the offer microsoft made of giving insider machines a windows 10 code at launch. Only 1 machine (from 2002) wouldn't update to 10 and that was because the pentium 4 inside it didn't support XD / NX bit (it only came out in 2004!) so that ended up stuck at win 7. It's pot luck whether the drivers have been updated for a system or not I'm sure there's some Win8 systems that won't work on 10 due to drivers.
  • Let it die!!!!!
  • There are quite a few bits of kit (think hospital scanners) that are run by xp machines. It would be very expensive to buy a new scanner just because the pc is outdated and no one is going to make drivers for it to work with a windows 10 pc.