Microsoft issues urgent Windows XP updates to block US spy tools


Microsoft has backtracked on its decision to stop providing security updates for Windows XP and issued an urgent patch to prevent spying attacks. 

The company urged customers running the 2001 operating system or any later version of Windows to install the updates to prevent state-sponsored hacks such as the WannaCry ransomware attack last month.

Windows XP has been obsolete for more than three years, since Microsoft dropped support for the software in 2014. Some 7 per cent of PCs still run on XP despite it being out of date.

The unprecedented move doesn't signal a return to support for older versions of Windows, but is a one-time response to the global cyber attack. 

"Our decision to release these security updates for platforms not in extended support should now be viewed as a departure from our standard servicing policies," said Microsoft. "Based on an assessment of the current threat landscape by our security engineers, we made the decision to make updates available more broadly." 

It comes after the failure to implement a security patch earlier this year led to hundreds of thousands of computers being locked by WannaCry ransomware in a global attack. The attack used a tool called "Eternal Blue" that was developed by the National Security Agency and leaked online by a hacking group called the Shadow Brokers. 

The devastating incident hit organisations including Nissan, Telefonica and the NHS, causing patients to be turned away from A&E and operations to be cancelled.

The latest patch is also connected to the NSA leak, fixing vulnerabilities exploited by three more of the state-created tools. It fixes 94 vulnerabilities, 27 of which hackers could use to take control of a user's computer.

"This is a massive update and fixes more than double the number of vulnerabilities as compared to the last two months," said Amol Sarwate, director of vulnerability research at Qualys. "Including patches for older platforms due to heightened risk of exploitation should, in my opinion, be treated as a blue-print for future attacks."

Microsoft said customers should still update to the latest systems despite the security patch covering the older machines. "Older systems, even if fully up-to-date, lack the latest security features and advancements," the company said.  

It added that the patch is an "exception based on the proximity to the end of support for Windows XP". 

 
