Today marks Patch Tuesday, the day Microsoft typically releases patches for the Windows OS in order to address security, performance, and other under the hood issues. While most attention is usually on Windows 10 patches, Microsoft also released today new patches via Windows Update for Windows XP and Windows Vista, and this exceptional move is due to "elevated risk" from attacks such as the recent WannaCry ransomware exploit (via The Verge).
In a statement published on the Windows Experience Blog, Adrienne Hall, General Manager of the Cyber Defense Operations Center at Microsoft remarked that the updates for older versions of Windows are mainly because "some vulnerabilities were identified that pose elevated risk of cyber attacks by government organizations."
While this latest news comes after Microsoft released a patch last month to stop the spread of WannaCry, Microsoft is saying that the new round of patches should not be "viewed as a departure from our standard servicing policies." Hall's full statement to can be seen below:
"In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyberattacks by government organizations, sometimes referred to as nation-state actors, or other copycat organizations... To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available to all customers, including those using older versions of Windows.
It is important to note that if you’re running a supported version of Windows, such as Windows 10 or Windows 8.1, and you have Windows Update enabled, you don’t need to take any action. As always, we recommend customers upgrade to the latest platforms. The best protection is to be on a modern, up-to-date system that incorporates the latest innovations. Older systems, even if fully up-to-date, lack the latest security features and advancements."
The Redmond giant also is saying that these updates are the result of "intelligence that led it to believe government organizations may use these new vulnerabilities to attack Windows systems." While the move is a bit shocking given that general support for Windows XP ended in 2014, Microsoft is not giving any details as to what the new vulnerabilities could possibly be. The Shadow Brokers, who are believed to be linked to the WannaCry attacks, however, have hinted at more exploits to come, even impacting Windows 10.