Win XP patched to avert new outbreaks spawned by NSA-leaking Shadow Brokers – Ars Technica

On Tuesday, Microsoft took the highly unusual step of issuing security patches for XP and other unsupported versions of Windows. The company did this in a bid to protect the OSes against a series of "destructive" exploits developed by, and later stolen from, the National Security Agency.

According to this updated Microsoft post, Tuesday's updates include fixes for three other exploits that were also released by the Shadow Brokers. A Microsoft blog post announcing the move said the patches were prompted by an "elevated risk of destructive cyberattacks" by government organizations.

"In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyberattacks by government organizations, sometimes referred to as nation-state actors, or other copycat organizations," Adrienne Hall, general manager of crisis management at Microsoft, wrote. "To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available to all customers, including those using older versions of Windows."

The down-level patches come in addition to the normal Patch Tuesday releases. Normal releases are delivered automatically through the Windows Update mechanism to devices running supported Windows versions, including 10, 8.1, 7, and post-2008 Windows Server releases. The down-level patches, by contrast, must be manually downloaded and installed. They are available in the Microsoft Download Center or, alternatively, in the Update Catalog and can be found here.

In a separate blog post, Eric Doerr, general manager of the Microsoft Security Response Center, said the move was designed to fix "vulnerabilities that are at [heightened] risk of exploitation due to past nation-state activity and disclosures." He went on to urge users to adopt new Microsoft products, which are significantly more resistant to exploits, and not to expect regular security fixes in the future.

"Our decision today to release these security updates for platforms not in extended support should not be viewed as a departure from our standard servicing policies," he wrote. "Based on an assessment of the current threat landscape by our security engineers, we made the decision to make updates available more broadly."

The only other time in recent memory Microsoft has patched an unsupported version of Windows was in 2014, when it issued a critical update for Windows XP during the same week it decommissioned the version. Tuesday's move suggests Microsoft may have good reason to believe attackers are planning to use EsteemAudit, ExplodingCan, and EnglishmanDentist in attacks against older systems. Company officials are showing that, as much as they don't want to set a precedent for patching unsupported Windows versions, they vastly prefer that option to a potential replay of the WCry outbreak.

Read more here:
Win XP patched to avert new outbreaks spawned by NSA-leaking Shadow Brokers - Ars Technica