Microsoft are issuing their first XP patch in years on out of support systems like XP, 7 and Windows 2003, an unusual step for the tech giant as a large-scale vulnerability is discovered.
In 2017 the huge malware epidemic ‘WannaCry’ affected 200,000 Windows systems across the world, costing the NHS £92 million, today Microsoft are doing their utmost to put off the threat which is described to be ‘pre-authentication and requires no user interaction’
Such updates on unsupported software would usually be costly, however, Microsoft are issuing these free of charge given the seriousness of the flaw (CVE-2019-0708). The exploit is ‘wormable’ meaning the threat can easily propagate between vulnerable devices.
“While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware,” (Statement from Simon Pope - Director of incident response for Microsoft Security)
It’s important to remember that this threat does not affect all Windows operating systems, the most current systems are safe from the attack:
• Windows 10
• Windows 8.1
• Windows 8
• Windows Server 2019
• Windows Server 2016
• Windows Server 2012 R2
• Windows Server 2012
Currently there are still millions of devices operating on Windows XP, worryingly countless businesses who are at risk to a threat that could potentially put their business into disaster mode.
Firstly, updates aren’t automatic, you must go out and seek it, download and install yourself. Secondly, all patches must be applied to ensure you are safe from the threat.
It will be interesting to see how many people will heed the advice and install the patch to stop the impending attack.