Microsoft has released new security updates for older versions of Windows as it warns of potential cyber-attacks by government organisations.
The patches include updates to Windows XP, the operating system that was targeted by the WannaCry ransomware attack in May that attacked parts of the NHS and other companies worldwide.
The new patches fix 16 vulnerabilities, of which 15 are ranked by Microsoft as critical. Craig Young, security researcher at infosec firm Tripwire, said: “Anyone still using Windows 2003 or XP should install these patches ASAP with the expectation that they will be actively exploited in the near term. This move may indicate that Microsoft has been made aware of exploits that may be pending imminent release from the Shadow Brokers.
Typically, Microsoft only issues updates for its operating systems that are still supported – for consumers, that means Windows 7 and newer (with the exception of Windows 8, which is meant to be covered by the free upgrade to Windows 8.1). But in the wake of the WannaCry outbreak, which saw a ransomeware worm take advantage of un-patched versions of windows to encrpyt millions of computers worldwide, Microsoft is reassessing that policy.
“Due to the elevated risk for destructive cyber-attacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt [alternative name to WannaCry],” Adrienne Hall, the head of Microsoft’s Cyber Defense Operations Center, said.