Microsoft Warns of 'Destructive Cyberattacks', Issues New Windows XP Patches (zdnet.com)
Ed Bott, reporting for ZDNet: Citing an "elevated risk for destructive cyberattacks," Microsoft today released an assortment of security updates designed to block attacks similar to those responsible for the devastating WannaCry/WannaCrypt ransomware outbreak last month. Today's critical security updates are in addition to the normal Patch Tuesday releases, Microsoft said. They'll be delivered automatically through Windows Update to devices running supported versions, including Windows 10, Windows 8.1, Windows 7, and post-2008 Windows Server releases. But in an unprecedented move, Microsoft announced that it was also making the patches available simultaneously for manual download and installation on unsupported versions, including Windows XP and Windows Server 2003. The new updates can be found in the Microsoft Download Center or, alternatively, in the Update Catalog.
C'mon, editors! (Score:2)
[...] from the job-security-for-non-microsoft-it-workers dept
FTFY
Re:C'mon, editors! (Score:5, Funny)
[...] from the job-security-for-non-microsoft-it-workers dept
FTFY
You have it backwards. Who is going to apply these patches? Who is going to help businesses migrate off of old, unsupported versions of Windows (onto newer versions of Windows--let's be real here)?
Answer: Not non-Microsoft-IT-workers.
But don't worry, there is plenty of work for all, when you consider all of the unpatched OpenSSL, ImageMagick and SAMBA out there. Or, you know, WordPress.
Re: (Score:1)
There are no XP updates this month. What the hell is this guy talking about?
None for Win 7 either. Somebody messed up bad.
Re:WHAT XP UPDATES??? (Score:4, Informative)
https://support.microsoft.com/... [microsoft.com]
Re: (Score:1)
it's a trap. They're gonna implant telemetry on devices that didn't support it. They wanna reach the last pitiful win user.
Link to XP patches? (Score:1)
It would be nice if either TFA actually linked to the patches.
Re: (Score:2)
ZDnet links here:
https://portal.msrc.microsoft.... [microsoft.com]
There are 4 pages of patches so I assume XP is on one of them.
Re: (Score:3)
My assumption appears to be wrong, I can't find any XP patches on that page.
Re: (Score:2)
You assume wrong. Nothing for XP in any of the 4 pages.
Re:Link to XP patches? (Score:4, Informative)
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4024323
It would be nice if there was a link to the "supported" patches too, or they used the same damn KB number ...
Re: (Score:2, Informative)
The full list of patches from this month that have something for XP appears to be:
This KB3197835 [microsoft.com]
and this KB4012583 [microsoft.com]
and this KB4018271 [microsoft.com]
and this KB4018466 [microsoft.com]
and this KB4019204 [microsoft.com]
and this KB4022747 [microsoft.com]
and this KB4024323 [microsoft.com]
and this KB4024402 [microsoft.com]
and this KB4025218 [microsoft.com]
Re: (Score:2)
This comes from quoting a zdnet article rather than going to the source. Slashdot is all about making sure the reader has to do lots of research until the real story is discovered. But if you go to the microsoft pages the information can be uncovered.
Re: (Score:2, Informative)
That is just one of the XP patches. They are all here, along with Win 8 and S2003
https://support.microsoft.com/en-us/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms [microsoft.com]
Re: (Score:2)
It would be nice if either TFA actually linked to the patches.
It would also be nice if MS would make available for download that final Win XP service pack.
Seriously, final service packs for obsolete/unsupported versions of Windows have to be removed from the download site?
Re: (Score:2)
The question that is required here is why you still run XP.
Re: (Score:2)
The question that is required here is why you still run XP.
I have a virtual machine for testing purposes in case someone paying the bills say they want the software I'm writing to work on XP. The virtual machine needs the final service pack to install its tools (drivers, management).
Re: (Score:2)
Here's a link to a better patch:
https://linuxmint.com/ [linuxmint.com]
If by unprecedented you mean last month, then no. (Score:1)
Seriously ... they literally set the precedent exactly a month ago.
Re: (Score:2)
and before that, the conficker manual patch for XP.
But I guess you could say it's "unprecedented" since the beginning of this month...
Re:If by unprecedented you mean last month, then n (Score:5, Informative)
I read 'unprecedented' as 'unusual
Except unprecedented is much stronger, it very explicitly means that it's never, ever happened before. If you can point to even a single previous instance, then it's by definition wrong to use it. And since Microsoft recently did release a patch for an EOL product, using it now is plain wrong. Nice by Microsoft, but still wrong. It also makes me wonder how well a "ten more years of security patches" upgrade for Win7 would sell...
adjective
1. without previous instance; never before known or experienced; unexampled or unparalleled:
Re: (Score:1)
I read 'unprecedented' as 'unusual
Except unprecedented is much stronger, it very explicitly means that it's never, ever happened before. If you can point to even a single previous instance, then it's by definition wrong to use it. And since Microsoft recently did release a patch for an EOL product, using it now is plain wrong. Nice by Microsoft, but still wrong. It also makes me wonder how well a "ten more years of security patches" upgrade for Win7 would sell...
adjective 1. without previous instance; never before known or experienced; unexampled or unparalleled:
Your point is both correct and pedantic.
Re: (Score:2)
Pedantic, the best kind of correct?
Technically, yes.
... but what other "features"? (Score:3)
Does it add any new telemetry tracking... ahm, "features" to those "obsolete" products?
Re: (Score:2)
They'll be delivered automatically through Windows Update to devices running supported versions.
And if you're in the select few, you'll end up in a bluescreen-reboot loop after the updates. So you'll get your "Destructive Cyberattack" courtesy of Microsoft rather than the malware authors. And if you're unlucky enough to be on Win10, there's almost no way to block it.
Re:If by unprecedented you mean last month, then n (Score:5, Interesting)
Yep. Reported right here [slashdot.org], one month ago.
And it's not the desktops you should be worried about. It's the ATMs, cash registers, medical/hospital machines, metro/subway kiosks, traffic-light controllers, maybe even devices used by Army field personnel or on Navy ships and submarines (horrors...), uncounted masses of machines in use every day that you'd never guess are running Windows XP with no viable means of upgrading short of scrapping them entirely. XP lived long enough to become the go-to OS for way too much stuff.
Re: (Score:2)
Depends on why someone is running XP. If it's for business and software relies on that OS for some reason, that's one major case. Another is the case of older folks who don't know much about computers so they are running the same thing they have run since they bought the machine. Maybe they never ran an update?
True story. I got a call from my ex about her father's computer and I'm a nice person so I head over to his place because he "can't get the inte
Get the Patches (Score:2)
TL;DR
http://www.catalog.update.micr... [microsoft.com]
Re: (Score:2)
TL;DR
http://www.catalog.update.micr... [microsoft.com]
Someone finally found it!
Re: (Score:2)
Correct URL: https://support.microsoft.com/... [microsoft.com]
A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to run a specially crafted application against an RPC server which has Routing and Remote Access enabled. Routing and Remote Access is a non-default configuration; systems without it enabled are not vulnerable.
The security update addresses the vulnerability by correcting how the Routing and Remote Access service handles requests.
Emphasis mine. Frankly, it doesn't seem very critical for us desktop users.
According to this page [microsoft.com], only XP and 2003 Server are affected. Vista and newer aren't.
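Added example, not part of the comment above or of Microsoft's advisory: a Windows PowerShell triage sketch that flags hosts where the condition quoted above holds (an XP/2003-era OS with Routing and Remote Access enabled) and reports which of the KB numbers listed earlier in this thread are not installed. The function names, priority labels and sample hosts are hypothetical; the KB list is copied from the thread and is not checked for applicability to each platform.

```powershell
# KB numbers as listed in the thread above; applicability per host is not verified here.
$ThreadKbs = 'KB3197835','KB4012583','KB4018271','KB4018466','KB4019204',
             'KB4022747','KB4024323','KB4024402','KB4025218'

function Test-RrasExposure {
    # Pure evaluation step (hypothetical helper): works on already-collected facts.
    param(
        [string]$ComputerName,
        [string]$OsVersion,       # '5.1.x' = Windows XP, '5.2.x' = Server 2003 / XP x64
        [string]$RrasStartMode,   # Win32_Service.StartMode: Auto, Manual, Disabled
        [string]$RrasState,       # Win32_Service.State: Running, Stopped, ...
        [string[]]$InstalledKb
    )
    $legacy  = $OsVersion -match '^5\.[12]\.'
    # Treat RRAS as enabled if it is running now or will start at boot.
    $rrasOn  = ($RrasState -eq 'Running') -or ($RrasStartMode -eq 'Auto')
    $missing = @($ThreadKbs | Where-Object { $InstalledKb -notcontains $_ })
    $priority = if ($legacy -and $rrasOn) { 'High' } elseif ($legacy) { 'Review' } else { 'Low' }
    [pscustomobject]@{
        ComputerName = $ComputerName
        LegacyOs     = $legacy
        RrasEnabled  = $rrasOn
        Priority     = $priority
        MissingKb    = $missing -join ','
    }
}

function Get-RrasExposure {
    # Collector: remote WMI over DCOM, which XP/2003 support out of the box.
    param([string[]]$ComputerName)
    foreach ($c in $ComputerName) {
        $os  = Get-WmiObject Win32_OperatingSystem -ComputerName $c
        # 'RemoteAccess' is the service name of Routing and Remote Access.
        $svc = Get-WmiObject Win32_Service -ComputerName $c -Filter "Name='RemoteAccess'"
        $kb  = @(Get-WmiObject Win32_QuickFixEngineering -ComputerName $c |
                 ForEach-Object { $_.HotFixID })
        Test-RrasExposure -ComputerName $c -OsVersion $os.Version `
            -RrasStartMode $svc.StartMode -RrasState $svc.State -InstalledKb $kb
    }
}

# Constructed sample facts (not real hosts) to exercise the logic offline.
Test-RrasExposure -ComputerName 'xp-kiosk-01' -OsVersion '5.1.2600' `
    -RrasStartMode 'Disabled' -RrasState 'Stopped' -InstalledKb 'KB4024323'
Test-RrasExposure -ComputerName 'w2k3-vpn-01' -OsVersion '5.2.3790' `
    -RrasStartMode 'Auto' -RrasState 'Running' -InstalledKb @()
```

With the constructed samples, the kiosk comes back as `Review` (legacy OS, RRAS off) and the Server 2003 host as `High` with all nine KBs listed as missing.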
more of the same (Score:1)
Re: (Score:1)
sort by date: http://www.catalog.update.microsoft.com/Search.aspx?q=Security+Update+for+Windows+XP+SP3 [microsoft.com]
Re: (Score:2)
There's a better patch for that :
https://linuxmint.com/ [linuxmint.com]
BTW, You don't need a KB number.
Liability (Score:2)
What might be MS's liability if old time XP users sue owing to security issues that don't get patched?
Re:Liability (Score:5, Insightful)
Zero. XP is unsupported and there is no reasonable assumption that it is secure.
Re: (Score:2)
I'm still surprised this holds any water in court. Imagine car manufacturers trying to get away with bullshit like that.
"You get this car as-is. If you lose a wheel and kill yourself or a few dozen bystanders, it ain't our fault, no matter whether it actually is due to shoddy manufacturing or poor engineering. We'll fix your car (provided that it first fell apart due to our gross negligence and not your fault), but only for the next 5 years. Any fault you find after that you have to live with, because we wo
Re: (Score:2)
POS is a very apt description of those boxes...
Microsoft's search sucks (Score:1)
If you search for "windows XP", the last patch was released in 2014:
https://www.catalog.update.mic... [microsoft.com]
If you search for "windows XP sp3", then you can find the last patches that were just released:
https://www.catalog.update.mic... [microsoft.com]
What about an update-roll up for vista xp 7 08r2? (Score:2)
What about an update-roll up for vista / xp / 7 / 08r2?
It does not need to be a full-on SP but just something that is one exe. Vista is very painful to get on the update train after a clean install. 7 is better but an sp3 that is just an update roll up of sp2 is nice to have.
XP for the most part works with the 3rd party sp4 but that will need a bit of windows update after installing.
If only there was a patch for IT Dept mentality (Score:1)