The security patches for Windows XP, Vista, and Server 2003 contain fixes or mitigations for three alleged NSA-developed exploit tools known as EsteemAudit, ExplodingCan, and EnglishmanDentist, though none of these exploits works on supported Windows platforms.
However, unlike regular patch releases, which are delivered automatically through the Windows Update mechanism to your devices, these down-level patches must be downloaded and installed manually.
These updates are available in the Microsoft Download Center or in the Update Catalog, or you can find download links at the bottom of Security Advisory 4025685.
No doubt, this move by Microsoft to protect its customers by releasing security updates for end-of-support products is commendable, but it could also motivate users to stick to 14-year-old unsupported and risky versions of Windows OS that are exposed to all manner of potential threats.
However, organizations and businesses should move on to the new updates and patches released by Microsoft in order to be secured against getting infected by ransomware.
And since Microsoft is fixing known vulnerabilities in Windows XP and Server 2003 that weren’t fixed before, the job of migrating away from unsupported versions just got a whole lot harder than before.
“Our decision today to release these security updates for platforms not in extended support should not be viewed as a departure from our standard servicing policies,” Doerr said. “Based on an assessment of the current threat landscape by our security engineers, we made the decision to make updates available more broadly,” he added.
However, Doerr urged users to adopt new, supported versions of Microsoft products, which are significantly more secure and resistant to exploits, and warned them not to expect regular security updates for out-of-date platforms in the future.
Meanwhile, as part of its regular Patch Tuesday, Microsoft has released security updates to patch nearly a hundred flaws in its various Windows operating systems and software, two of which have been actively exploited in the wild.
All the regular releases are delivered automatically through the Windows Update mechanism to users running supported versions of Windows OS, including Windows 10, 8.1, 7, and post-2008 Windows Server releases, on their devices.
The notorious hacking group Shadow Brokers, which claimed to have stolen a bunch of hacking tools from the NSA’s elite hacking team Equation Group, had also promised to leak more zero-days and exploits starting this month.
Felix Onyenobi is a technology enthusiast and loves to write. He is a co-founder at SkyNet Digital Agency. He is also a web developer, penetration tester and ethical hacker.