Microsoft products usually have an end-of-support date, where no more feature updates and security patches will be offered. However, earlier this month, Microsoft has released a security update for Windows XP, an operating system that has been unsupported since 2014. Although releasing a patch for an old system seems unusual, Microsoft does have its reasons.
More WannaCry copycats
The primary reason why Microsoft reassessed their update policy for Windows XP was due to the success of WannaCry, a ransomware worm that encrypted hundreds of thousands of computers worldwide. Even though the attack did not affect XP computers, Microsoft anticipates increased risk of similar attacks for the outdated OS being developed in the near future.
According to Microsoft’s Head of Cyber Defense Operations Center Adrienne Hall, cyberattacks by government organizations and copycat hacking groups are imminent; and this time, they’ll improve upon WannaCry’s shortcomings. In fact, shortly after WannaCry was stopped on May 12th, other strains with more sophisticated code popped up seeking to exploit the same weaknesses.
Many security experts also suspect that Microsoft is releasing security fixes for outdated systems because of leaked NSA hacking tools. Over the years, the NSA’s ‘hacking’ department, Equation Group, has been storing cyber exploits in its arsenal. But a group known as the Shadow Brokers found these exploits and publicly disclosed them, which led to the WannaCry outbreak.
Right now, the Shadow Brokers are promising to leak more NSA exploit tools to hackers in the Dark Web who are willing to pay $10,000.
Since a significant portion of businesses are still working with XP, Microsoft believes that their recent security update is the best way to protect all Windows users. The new patch fixes 16 critical vulnerabilities, many of which seem to defend against the exploits leaked by the Shadow Brokers.
Windows 10 users can find the critical update in the Microsoft Download Center. Alternatively, they can simply check for updates in Windows Update, which can be found in the Settings menu. But to install the update for unsupported operating systems, users should visit Microsoft’s security advisory page for tips and download links.
Although Microsoft has extended support for Windows XP, don’t expect regular fixes for outdated systems. As always, the best protection is to use an up-to-date system that’s equipped with the latest security patches.
“Older systems, even if fully updated, lack the latest security features,” said Hall.
If you’re unsure about your Windows security, what operating system you’re running, or how to protect your company workstations, give us a call. Our certified and experienced experts will help keep your business safe from WannaCry and future malware attacks.