Research

Microsoft Patches 96 Security Vulnerabilties in June Patch Update

Share
Microsoft includes Windows XP and Vista in June's Patch Tuesday updates

As part of June's Patch Tuesday, the company took the unusual step of issuing more fixes for XP, which went out of support in 2014, in anticipation of more WannaCry-style attacks against the platform - it patched XP's WannaCry vulnerability some weeks ago.

Last month the world witnessed one of the largest ransomware attacks in the history of the internet as the WannaCry ransomware took north of 250,000 computers hostage, worldwide, and this alarmed Microsoft into fixing three exploits they had previously neglected.

Microsoft also made the security update to older versions of Windows via manual download and installation, including Windows XP and Windows Server 2003.

Well this month Microsoft is once again making security patches available for these unsupported OS's because of another serious security threat from nation-state actors the company has been made aware of which impacts current and unsuppoprted versions of Windows.

"Due to recent and past nation state activity and disclosures, Microsoft has reviewed several vulnerabilities and compiled a list of those that are at high risk of exploitation", he said. To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. Windows XP isn't the only legacy operating system getting this new round of vital updates, as Windows 8 and Windows Server 2003 are getting them as well.

Microsoft has declared that the next major Windows 10 update dubbed Redstone 3, will not have SMB1 protocol.

Typically, Microsoft only releases security updates for unsupported Windows systems when there's a so-called "custom support" agreement in place. That patch originally was released in March, but only for modern Windows versions.

WannaCry became one of the most successful ransomware precisely because it used exploits and tools stolen from the NSA, which also means that the NSA may have already been using those same capabilities for many years. Newer OSes, and in particular Windows 10, are outfitted with advanced security features not found in previous versions of Windows. The Wanna Cry virus was only able to affect those systems that had Windows XP installed.

"Our decision today to release these security updates for platforms not in extended support should not be viewed as a departure from our standard servicing policies", said the MSRC's Doerr.

Stephen Kleynhans, research vice president at Gartner, said that it was a touch decision by the company to offer patches for unsupported versions of Windows. "On one hand, it offers protections to those who may be unable to migrate off XP for whatever reason".

Share