There's a reason Microsoft is patching Windows XP again this month
- 14 June, 2017 10:54
Microsoft has released its usual Patch Tuesday flood, and it's enormous. Computerworld's Gregg Keizer has details.
Microsoft released individual patches for Windows XP and Vista -- both of which are beyond their end of support dates -- in a move eerily similar to the one last month. Per the Microsoft Security Response Center:
We are committed to ensuring our customers are protected against these potential attacks and we recommend those on older platforms, such as Windows XP, prioritize downloading and applying these critical updates
There's a reason why Microsoft released XP and Server 2003 patches again this month. Three reasons, actually. As I said in April, when the Shadow Brokers revelations emerged, the earlier MS17-010 patched all of the NSA-derived attack vectors, except three known vectors in XP and Server 2003 machines:
Microsoft says none of the other three exploits—EnglishmanDentist, EsteemAudit, and ExplodingCan—runs on “supported platforms,” meaning Windows 7 or later and Exchange 2010 or later.
That appears to be the motivation for this month's highly unusual XP and Server 2003 patches. Microsoft is fixing known holes in XP and Server 2003 that weren't fixed before -- holes that were plugged already for Win7 and later.
In short: If you have a Windows PC that faces the internet and it's running XP or Server 2003, it's long been vulnerable to attack using any of those three approaches. Microsoft knows about it, and has known about the exposure for many months. It hasn't fixed it until now.
The only Shadow Brokers-related attacks we've seen so far have used the EternalBlue method. But you can bet EnglishmanDentist, EsteemAudit and ExplodingCan exploits are in the works.
This month's patches plug those three holes on XP and Server 2003, as well as Vista and Windows 8. You can get them through Windows Update, or download them directly from Microsoft. For manual download links, see "Older Platforms Table 3 of 3" at the bottom of Security Advisory 4025685 (note that the link for Win8 doesn't appear to be working).
For those of you who are still running XP, Server 2003, Vista or Win8, now would be a good time to fire up Windows Update or download and install the patches manually.
It'll be interesting to see what new NSA-derived hacks prod Microsoft to fix XP and Vista.
Discussion continues on the AskWoody Lounge.