Microsoft Windows XP Gets More Updates To Avoid Another WannaCry Nightmare – Forbes

Microsoft Windows XP is continuing to get updates after security experts feared leaked NSA hacking tools would be used in more cybercriminal campaigns. (Photo credit: JUSTIN SULLIVAN/AFP/Getty Images)

Microsoft just did the internet another solid. After the NSA cyberweapon-powered WannaCry ransomware epidemic of last month, the company said it wanted to help users of all its operating systems avoid another catastrophe and so it’s providing updates to those on unsupported software this Patch Tuesday, including the now-geriatric Windows XP.

The tech giant was a little mysterious about just why it was providing more patches for Windows XP; it had already issued emergency fixes for the supposedly out-of-service OS in the midst of the WannaCry outbreak. In one of Microsoft’s two blog posts on the new patches, handed to Forbes ahead of their publication, one detail stood out: that the vulnerabilities being addressed were “at heightened risk of exploitation due to past nation-state activity and disclosures.”

Another blog post read: “Due to the elevated risk for destructive cyberattacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt.”

While Microsoft named WannaCry as the impetus for the additional support, it’s also likely referring to leaked NSA tools, dropped online by a crew calling themselves the Shadow Brokers. (The NSA has yet to confirm or deny the files are legitimate, though they’re widely believed to be so.) One of the vulnerabilities leaked by the Shadow Brokers was infamously used by the WannaCry attackers to spread their ransomware at rapid speed.

Other samples of malware – including the ransomware UIWIX, cryptocurrency miner Adylkuzz and a mysterious sample called EternalRocks – all abused the same vulnerability in the Microsoft Windows SMB software to spread.

Microsoft declined to offer more detail on just what threats have made the additional patches necessary. “The company does feel the potential risk to customers is significant enough to warrant the action they are taking today to provide updates for both supported and unsupported systems,” a spokesperson said.

The company would also not comment on attribution for the WannaCry attacks. Security experts from Symantec and BAE Systems, amongst others, have suggested a hacker crew linked to North Korea is to blame.

As for specifics on the patches, two of more than a dozen affecting the older systems are being actively exploited, Microsoft warned in its advisory. According to a Trend Micro Zero Day Initiative (ZDI) analysis of the 96 vulnerabilities addressed by Microsoft today, one looks remarkably similar to a vulnerability exploited by the Stuxnet malware, which was infamously used to disrupt Iranian power plants and was believed to have been created by the U.S. and Israeli governments.

The other looked like it had the potential to cause widespread chaos in any organization affected. “This is just the type of vulnerability favored by malware authors to create widespread chaos,” ZDI wrote in a blog post.

The unsupported systems getting the updates include: Windows XP, Windows Vista, Windows 8, Windows Server 2003 and Windows Server 2003 R2.

Double-edged sword

While Microsoft will gain plaudits for its decision to give support to systems that are three years out of support, some are wondering whether it could backfire.

“It’s a double-edged sword,” noted Alan Woodward, a security expert from the Department of Computing at the University of Surrey. “It’s good that Microsoft are stepping up to prevent older systems being compromised but at the same time this can’t continue for older systems ad infinitum. No one wants another WannaCry but it could lead to a false sense of security.”

The move may also show just how powerful the tools somehow stolen by Shadow Brokers could be, added Woodward. Rumors abounded earlier this year that the NSA had warned Microsoft the company needed to patch certain systems before Shadow Brokers released the agency’s hacks to the public. The decision to patch more systems could indicate the NSA was in touch about other powerful exploits in the hands of the mysterious hacker crew.

“Microsoft clearly believes that what they now know necessitates prompt action. Whether end users know enough to take advantage of these patches is a whole different matter, assuming the systems they have are even capable of being updated by the end users,” Woodward added.

“It continues to show how devastating these tools are when they are leaked into the wild. Somehow I don’t think we’ve heard the last of this.”
