Microsoft issues security patches to protect against 'nation-state' actors

Microsoft includes Windows XP and Vista in June's Patch Tuesday updates

Microsoft issues Windows XP critical patches amid 'elevated risk' of cyberattacks

Microsoft was criticised last month for not providing free security patches to Windows XP users early enough to help protect against WannaCry ransomware.

Microsoft received criticism for its response to the WannaCry ransomware attack, as Windows XP, which still retains nearly 6% of the operating system market share, was patched much later than Windows 7, 8.1 and 10.

"To address this risk, today we are providing additional security updates along with our regular Update Tuesday service".

However, Microsoft stressed that the release of the new security update does not mean the tech giant will once again offer support for older versions of Windows, but was rather a one time response to the growing global threat from cyber attacks.

After the attacks, the company conducted a review that revealed several vulnerabilities. The updates will also be automatically available for Windows 10, Windows 8.1, Windows 7 and Windows Server releases after 2008. Microsoft stresses that this won't be a common occurrence, and urges people using outdated Windows operating systems to upgrade to a newer one like Windows 10 or Windows 8.1.

The new patches fix 16 vulnerabilities, of which 15 are ranked by Microsoft as critical.

Some vulnerabilities that Microsoft patched on Tuesday have the potential to be used for fast-spreading worms, says Dustin Childs, who works with Trend Micro's Zero Day Initiative project, which tracks software flaws. Now it has released another security update for Windows XP, this time due to the "heightened risk of exploitation" by copycats. Only weeks later would security researchers show that more than 90 percent of the computers that succumbed to WCry were supported versions of Windows that had yet to install a patch that had been publicly available for more than 60 days. Windows XP users were mostly affected by the said malware attack.

This was possible, it later emerged, because the NSA informed Microsoft about the leak of the exploits.

"One of the vulnerabilities being resolved in the June Patch Tuesday release is a critical vulnerability in Windows Search that could allow an attacker to gain full control over a system", explained Chris Goettl, product manager with Ivanti.

- Quentyn Taylor (@quentynblog) June 13, 2017Oh no. Take Windows XP off life support.

To give an idea of the seriousness of this month's Patch Tuesday, Microsoft has made a decision to include patches for a number of legacy operating systems it no longer supports.

But if you still haven't got around to replacing your out-of-support versions, don't forget that this month brings you a blast from the past: old-school Patch Tuesday updates. "There are many reasons - some even valid - why patches aren't applied".

Latest News