Microsoft issues more security patches for older Windows, citing cyber attack risk – USA TODAY
SAN FRANCISCO – In the wake of last month’s WannaCry malware outbreak, Microsoft has once again issued patches to programs it no longer supports, citing vulnerabilities in their code that could expose them to cyber attacks by nation-states or copycat organizations.
The patches come a month after the company issued patches for Windows XP computers to protect against WannaCry, despite its long-standing stance against updating older and unsupported versions of its Windows operating system.
“Due to the elevated risk for destructive cyber attacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt,” wrote Adrienne Hall, general manager for Microsoft’s cyber defense operations center. WannaCrypt is another name for the WannaCry ransomware.
The patches hit, as they have since 2003, on the second Tuesday of the month at 10 a.m. Pacific time, when Microsoft makes security and other fixes to its programs available for users who aren’t signed up for automatic updates – what’s known as “Patch Tuesday.”
Up until now, only customers who paid hefty fees could continue to get any support for older programs such as Windows XP and Windows 8.1.
The release of the WannaCry malware, which seized files on hundreds of thousands of computers with demands for ransom, forced Microsoft to change its approach. The company made available patches that protected against WannaCry despite its long-standing stance against providing patches for unsupported programs.
The decision to offer patches to long-gone programs such as Windows XP, Windows 8 and Server 2003 is a tough one for the company, said Stephen Kleynhans, a research vice president at Gartner who looks at the enterprise PC market.
If the Redmond, Wash.-based company plays hardball and says it’s done with fixes and then something terrible happens, “they look like the bad guys. But if they do issue a fix, everybody who’s paying is mad at them,” he said.
In a post accompanying the patches, Microsoft noted that anyone running currently-supported versions of Windows, such as Windows 10 or Windows 8.1, will automatically be updated as long as they have Windows Update enabled.
Otherwise, “we recommend customers upgrade to the latest platforms. The best protection is to be on a modern, up-to-date system that incorporates the latest innovations. Older systems, even if fully up-to-date, lack the latest security features and advancements,” the company notes.
“Our decision today to release these security updates for platforms not in extended support should not be viewed as a departure from our standard servicing policies,” the company said.
When Microsoft ended support for Windows XP in 2014, it began offering the option of paying for ongoing support — but it doesn’t come cheap. Users have to enter into what’s known as a Custom Support Agreement. The cost varies by company but began at around $250 per user and “has pretty much doubled each year,” said Kleynhans.
In the end, the company’s pushing hard to get its customers to enter the modern world of computing by making it painful to stick with older programs.
“Painful, but not dangerous. But they want you to know there’s pain involved,” Kleynhans said.