Microsoft forced to issue XP patch in new security risk
More trouble for Microsoft’s legacy operating systems.
Just months before support is due to end for Windows 7, Microsoft has been forced to issue a new security patch for the now long-unsupported XP operating system (OS).
The patch follows a security loophole being identified in the XP OS. It’s understood that it creates the potential opening for a new ransomware-style malware attack, which could move quickly across unsupported machines.
In a statement, director of incident response for the Microsoft Security Response Center, Simon Pope, said “Any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017”
“It is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware,” he went on to confirm.
It’s estimated that around 3% of all desktops and laptops run XP. While plenty of those will be redundant machines, there are still some being used in important roles, including nuclear submarines.
Due to the age of the OS, the XP patch has to be downloaded by users manually rather than being automatically pushed out. This will likely have a strong impact on the number of users who actually install it. It’s also not easy to find. Should you need to, the patch can be downloaded here.
Hesitancy of businesses to move their computer systems on to supported Microsoft platforms is now a significant cyber security concern. This will only get worse when support for the very popular Windows 7 and Server 2008 OSs ends in January 2020.
Businesses that want to stay secure need to start preparing for this now. Many will find that machines running legacy Microsoft OSs may also be running older applications (some business critical) that will not run on more modern OSs. This could leave businesses with the decision of whether to compromise on security or operations if they don’t take action soon.
Note: Microsoft has also issued patches for Windows 7 and Server 2008. These can be found here.
For assistance with patching , or to discuss upgrades to your Microsoft operating systems, please get in touch.