Microsoft patches Windows XP to stop foreign hack attacks


At the same time, Microsoft warns that issuing security updates for unsupported OSes is still going to be a rare thing. Microsoft knows about it, and has known about the exposure for many months.

Microsoft patched the vulnerability exploited by WannaCry in its newer operating systems a month before The Shadow Brokers released the exploit. Computers with the latest updates installed were protected against last month’s ransomware campaign as Microsoft patched the flaw that WannaCrypt exploited back in March. Peter Bright, from technology site Ars Technica, said: “patching is the wrong decision: it sends a clear message to recalcitrant corporations that they can stick with Windows XP, insecure as it is, because if anything too serious is found, Microsoft will update it anyway …”

We still feel very strongly that you should have left XP and Server 2003 behind years ago, given that newer Windows versions contain a wide range of security mitigations that simply can’t be retrofitted to older versions.

The out-of-support updates are included in Microsoft’s June Patch Tuesday release, which addressed a whopping 94 vulnerabilities. The portal now has a download button that will open the month’s security updates into a single Excel file, perhaps easing review. The company had previously said it would not fix these potential exploits as they only affected older, unsupported versions of Windows.

The down-level patches come in addition to the normal Patch Tuesday releases. Updates will be automatically available for Windows 10, Windows 8.1, Windows 7 and Windows Server releases after 2008. Meanwhile, the company typically boasts that the newer version of Windows is better, faster and, most important, more secure, and that the older one, like a rusty tool, has worn out its usefulness. It is one of the most successful updates ever from Microsoft for desktops.

The new security fixes are designed to address three different vulnerabilities that were not patched before.

“Our decision today to release these security updates for platforms not in extended support should not be viewed as a departure from our standard servicing policies”, Doerr wrote in a blog post. In an unprecedented move in February, Microsoft abruptly canceled its Patch Tuesday, citing only a “last-minute issue”.

According to a company statement, the same treatment is being afforded Windows Server 2003, another unsupported but widely used operating system dangerously vulnerable to attack.

At the same time, “if they do this more often, people will start thinking the patches will be there and that takes them away from the goal of moving away from the old operating systems”, he said.


Unsurprisingly, Microsoft recommends upgrading to the latest version of Windows to solve the problem (you knew that was coming).

Credit: Steve Traynor / IDG