Microsoft Patches 96 Security Vulnerabilties in June Patch Update
Jun 29 2017
As part of June's Patch Tuesday, the company took the unusual step of issuing more fixes for XP, which went out of support in 2014, in anticipation of more WannaCry-style attacks against the platform - it patched XP's WannaCry vulnerability some weeks ago.
"Due to recent and past nation state activity and disclosures, Microsoft has reviewed several vulnerabilities and compiled a list of those that are at high risk of exploitation", he said. To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. Windows XP isn't the only legacy operating system getting this new round of vital updates, as Windows 8 and Windows Server 2003 are getting them as well.
Microsoft has declared that the next major Windows 10 update dubbed Redstone 3, will not have SMB1 protocol.
Typically, Microsoft only releases security updates for unsupported Windows systems when there's a so-called "custom support" agreement in place. That patch originally was released in March, but only for modern Windows versions.
WannaCry became one of the most successful ransomware precisely because it used exploits and tools stolen from the NSA, which also means that the NSA may have already been using those same capabilities for many years. Newer OSes, and in particular Windows 10, are outfitted with advanced security features not found in previous versions of Windows. The Wanna Cry virus was only able to affect those systems that had Windows XP installed.
"Our decision today to release these security updates for platforms not in extended support should not be viewed as a departure from our standard servicing policies", said the MSRC's Doerr.
Stephen Kleynhans, research vice president at Gartner, said that it was a touch decision by the company to offer patches for unsupported versions of Windows. "On one hand, it offers protections to those who may be unable to migrate off XP for whatever reason".