Microsoft patches expired Windows XP again as fresh exploits emerge

The updates come one month after the WannaCry ransomware attacks targeted computers around the globe.

We have taken action to provide additional critical security updates to address vulnerabilities that are at heightened risk of exploitation due to past nation-state activity and disclosures.

As with WannaCry, the patches released today cover exploits from the Equation Group, an organisation linked to the United States National Security Agency (NSA).

Based on Insider feedback, we have changed "Phone Update" to "Windows Update" under Settings Update & security.

Unsupported systems that will get today's updates include Windows XP, Windows Vista, Windows 8, Windows Server 2003, or Windows Server 2003 R2. While that is certainly a possibility, I have always believed there will be those on Windows 7 that will not upgrade to Windows 10 no matter what, are you willing to put everything on the line to risk your personal information and possibly business/customer data on an outdated system?

The new patches fix 16 vulnerabilities, of which 15 are ranked by Microsoft as critical.

Pak's BAT attack in J&K: 2 Indian soldiers & one attacker
Earlier in the day, an attempt of armed intrusion by Pakistan's Border Action Team (BAT) in Poonch this year was foiled at 2 p.m. Prior to that, a BAT attack was carried out on February 18 but there were no casualties in that.


The update was released as part of the company's regular Tuesday schedule.

Other patches are for Microsoft Edge and IE, which fix many remote code execution issues.

Microsoft phased out support for older versions of its PC operating system some time ago. It had patched most of the NSA-exposed exploits in its April patch (released monthly), without disclosing who tipped them of the potential incoming horrors. Over 100 million people still used Windows XP as of late 2016, according to research, including millions of users in China. Microsoft also mysteriously delayed its Patch Tuesday release in February by a month in an unprecedented move, blaming a "last minute issue".

Besides XP, Microsoft also released patches for Windows Server 2003. It is one of the most successful updates ever from Microsoft for the desktops. Peter Bright, from technology site Ars Technica, said: "patching is the wrong decision: it sends a clear message to recalcitrant corporations that they can stick with Windows XP, insecure as it is, because if anything too serious is found, Microsoft will update it anyway ..."

Doerr added that Microsoft continues to recommend that end-users upgrade to the latest platforms since older operating systems, even if fully up-to-date, lack the latest security features and advancements.

Sarwate also suggested users prioritize patches for Windows graphic font engine vulnerabilities CVE-2017-8527, CVE-2017-8528 and CVE-2017-0283, and Outlook patch CVE-2017-8507, all of which could allow attackers to take complete control of a victim's machine.

  • Douglas Reid