Microsoft has, for the second month in a row, released a critical security patch for its out-of-support-but-still-widely-used Windows XP operating system, and warned that another WannaCry-style attack could be coming for organisations (e.g. the NHS) that don’t take proactive action now.
In a bid to prevent a similar scenario, Microsoft yesterday issued emergency updates for legacy versions of Windows dating back to XP, Windows Server 2003, Windows XP Embedded and Windows 7 Embedded.
Microsoft had previously said that it wouldn’t issue out-of-support patches for the three exploits, codenamed EsteemAudit, ExplodingCan, and EnglishmanDentist, which target flaws in the Windows Remote Desktop Protocol, IIS 6.0 and Microsoft Exchange servers.
In the post, Microsoft clarified this doesn’t mean a return to full support for Windows XP, which ended in 2014.
The company clarified this was an exception based on new intelligence and “should not be viewed as a departure from our standard servicing policies”.
The out-of-support updates are included in Microsoft’s June Patch Tuesday release, which addressed a whopping 94 vulnerabilities. This includes fixes for 27 remote code execution (RCE) flaws that could enable an attacker to take control of a machine.