Microsoft patches expired Windows XP again as fresh exploits emerge

Redmond updates old OS to respond to Shadow Brokers' latest leak

Microsoft has taken the extraordinary step of pushing out an emergency patch for its outdated Windows XP operating system for the second time in a matter of weeks, this time following the release of a host of NSA exploits.

As part of June's Patch Tuesday, the company took the unusual step of issuing more fixes for XP, which went out of support in 2014, in anticipation of more WannaCry-style attacks against the platform - it patched XP'sWannaCryvulnerability some weeks ago.

TheShadow Brokers groupreleased the three exploits that prompted Microsoft to patch its ancient OS. The flaws areconsidered to pose an "elevated risk of cyber attacks by government organisations", Microsoft warned in ablog post.

"Due to the elevated risk for destructive cyber attacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt," said Adrienne Hall, general manager for Microsoft's cyber defence operations centre.

Advertisement
Advertisement - Article continues below

Microsoft received criticism for its response to the WannaCry ransomware attack, as Windows XP, which still retains almost 6% of theoperating system market share, was patched much later than Windows 7, 8.1 and 10. Microsoft has said that the latest security patch will be available to all users, including those running outdated operating systems.

Thethree exploits, known as "EnglishmanDentist", "EsteemAudit" and "ExplodingCan" are all classed as remote execution vulnerabilities, allowing hackers to gain access with full user rights. EsteemAudit (CVE-2017-0176) exploits a flaw in the Windows remote code execution protocol, while EnglishmanDentist allows the execution of malware through Windows OLE.

This update is in addition to the regular Patch Tuesday, and while those with automatic updates enabled on Windows 7 or later will receive the patches immediately, those on older systems such as Windows Vista and XP will need to manually update their systems through the Microsoft Download Centre.

"Our decision today to release these security updates for platforms not in extended support should not be viewed as a departure from our standard servicing policies," said Eric Doerr, general manager at Microsoft's security response centre. "Based on an assessment of the current threat landscape by our security engineers, we made the decision to make updates available more broadly."

Featured Resources

The essential guide to cloud-based backup and disaster recovery

Support business continuity by building a holistic emergency plan

Download now

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

Delivering the future of work - now

The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.

Download now
Advertisement

Recommended

Visit/cloud/354231/the-it-pro-podcast-is-the-future-multi-cloud
Cloud

The IT Pro Podcast: Is the future multi-cloud?

29 Nov 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/business-strategy/collaboration/354160/microsoft-teams-surpasses-20-million-daily-users
collaboration

Microsoft Teams surpasses 20 million daily users

20 Nov 2019
Visit/laptops/34813/microsoft-surface-pro-7-review-slightly-faded-glory
Laptops

Microsoft Surface Pro 7 review: Slightly faded glory

15 Nov 2019

Most Popular

Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/cloud/amazon-web-services-aws/354223/what-to-expect-from-aws-reinvent-2019
Amazon Web Services (AWS)

What to expect from AWS Re:Invent 2019

29 Nov 2019
Visit/business/business-strategy/354252/huawei-takes-the-us-trade-sanctions-into-its-own-hands
Business strategy

Huawei takes the US trade sanctions into its own hands

3 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019