Microsoft releases new Windows XP security patches
- Author: Essie Rivera Jun 29, 2017,
Jun 29, 2017, 2:13
Although he was certain the old OS remains retired, he sensed that Microsoft opened a small Pandora's Box.
"It's retired", said Amol Sarwate, the director of Qualys' vulnerability lab.
June's Patch Tuesday for Windows machines brought no less than 96 different patches for various vulnerabilities.
The new updates from Microsoft have to be installed manually.
Today's Patch Tuesday seems to be a busy one for Microsoft. "This is a double-edged sword", he said of Microsoft's XP patch releases. "This move may indicate that Microsoft has been made aware of exploits that may be pending imminent release from the Shadow Brokers", Young told SearchSecurity.
"It's probably already been exploited for months now", Dillon said. Last month, they made the same move, and made many users question its goal. It did not specify what country may be involved, and a spokesperson did not provide additional information.
These new patches are notable for patching not just Windows XP, but Vista and Server 2003 products. "They're saying that this is not normal, and is not going to continue". "You don't want people to get an impression that it's OK if I'm on an unsupported platform". Microsoft disowned its most popular operating system and said its users to upgrade.
In a press statement released by Microsoft earlier today, it has underscored the importance of this update in the face of an imminent threat. Meanwhile, the company typically boasts that the newer version of Windows is better, faster, and most important, more secure, and like a rusty tool, has worn out its usefulness. Of those, almost 80 percent were MacOS systems.
Microsoft encourages businesses to migrate from legacy systems, such as Windows Server 2003, through end-of-life support deadlines. Of those, 27 flaws are remotely exploitable, the most unsafe kind of software flaw. Some are for flaws fixed as late as May, while others date back several years. There are two Windows XP fixes to mitigate the threat of EsteemAudit (CVE-2017-0176) and EnglishmanDentist (CVE-2017-8487), RCE exploits for Windows remote desktop protocol (RDP) and Object Linking and Embedding, respectively.
"To exploit the vulnerability, the attacker could send specially crafted SMB messages to the Windows Search service". Along with that is a sobering comment by one of the readers on another unintended effect.