MS releases emercency patches for XP, win 8 & win server 2003

[Elixer]

Microsoft Corp. today took the unusual step of issuing security updates to address flaws in older, unsupported versions of Windows — including Windows XP and Windows 8. The move is a bid to slow the spread of the WanaCrypt ransomware strain that infected tens of thousands of Windows computers virtually overnight this week.
...
The software giant today made an exception to that policy after it became clear that many organizations hit hardest by Wanna were those still running older, unsupported versions of Windows.

“Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful,” wrote Phillip Misner, principal security group manager at the Microsoft Security Response Center. “Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers.”

The update to address the file-sharing bug that Wanna is using to spread is now available for Windows XP, Windows 8, and Windows Server 2003 via the links at the bottom of this advisory.

https://krebsonsecurity.com/

I bet you anything that this patch still won't be applied by the vast majority of XP users.

 

[John Connor]

Since I use XP in a netbook that sits in the kitchen and is only for general website lookups and not E-mail, I don't think I have anything to worry about. I do have a clone of the machine on a USB stick. If it gets owned I'll put the clone back and patch. Until then, forgetaboutit.

 

[mikeymikec]

https://krebsonsecurity.com/

I bet you anything that this patch still won't be applied by the vast majority of XP users.

Because? While I can imagine there are a fair number of kooks who claim that XP slows down with updates, I imagine their percentage compared to total XP users is pretty small. The next exception I can think of are people using pirated copies with AU switched off, but I've seen pirated copies of XP getting updates so that isn't necessarily a given. Otherwise I guess there are some business users running their own WSUS, but unless they're especially incompetent that they still don't bother to make sure that patch gets applied even after recent events, I'm pretty sure they'll patch the systems they're responsible for. All the other XP users are probably on the default settings, and I can't believe that MS would take the time to make an emergency patch then not bother to distribute it using Windows Update, so they should receive the update.

 

[Elixer]

Because it is NOT being pushed by MS via windows update for those platforms.

Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download (see links below).

So, the incompetent people will still be incompetent.

 

[sonoferu]

This specifies Windows XP, 8, Server 2003. I have Windows 7 still [I hated what I saw in Win 8 at work, and 10 looked even worse, but anyway]. Does this mean Windows 7 is still supported and gets patches pushed to me?

 

[Elixer]

This specifies Windows XP, 8, Server 2003. I have Windows 7 still [I hated what I saw in Win 8 at work, and 10 looked even worse, but anyway]. Does this mean Windows 7 is still supported and gets patches pushed to me?

Already pushed in March for that OS.