This is actually course correction. Why you ask ? Well, Microsoft had previously declined to release fixes for three specific security patches, which allowed NSA’s hacking tools to function on Windows XP. However, the way Wannacry unfolded, Microsoft has been forced to reverse its action and has hence confirmed that it is fixing these three loopholes.
Earlier, Microsoft had said that last month’s cyber attack only affected older and retired operating systems, most notably Windows XP and Windows Server 2003. The Redmond giant had also issued fixes for the two operating systems, since a large number of Government organizations (and banks) have been dependent on Windows XP for ATMs and other operations for a very long period of time.
But, the latest update to this global tale comes in the form of fair warning. In an official blog post, Adrienne Hall, General Manager, Cyber Defense Operations Center at Microsoft found that the three vulnerabilities in the Windows OS could prove to be detrimental for its users.
Following last month’s global ransomware attack, Microsoft has grown extra cautious and thorough inspection of three remaining loopholes suggested they were still open to exploitation by state-sponsored actors (ones working for the government). The exploits are dubbed as ENGLISHMANDENTIST, ESTEEMAUDIT, and EXPLODINGCAN and have now been fixed in this month’s security update.
Speaking of the same, Hall continues to mention:
In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyber attacks by government organizations, sometimes referred to as nation-state actors or other copycat organizations.
To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available to all customers, including those using older versions of Windows.
Due to the elevated risk at hand, Microsoft is no longer feeling haughty about its security practices and has decided to release this update patch to ALL Windows users. This means all supported, as well as unsupported versions of the operating system, would be updated to fix the three remaining loopholes. It is specifically focused towards older versions such as Windows XP and Windows 7 that were the worst hit in the WannaCry attack last month.
This is another surprising development on Microsoft’s part, who had previously instructed users to jump ship and upgrade to their latest offerings to protect themselves from the attack. It had patched most of the NSA-exposed exploits in its April patch (released monthly), without disclosing who tipped them of the potential incoming horrors. It is believed either the NSA or Shadow Brokers, the hacker group who leaked the exploits, tipped the company beforehand to curb the damage — but it couldn’t.
If you’re running Windows XP or Windows 7 then you the update patch would’ve become available for you. While we suggest both operating system users to immediately update their PCs but the latter ones should hurry as Windows 7 was the worst hit in the last ransomware attack.