Microsoft has taken the unprecedented decision to include unsupported platforms like Windows XP in June's Patch Tuesday update round, in order to protect against possible nation-state activity.
Eric Doerr, general manager of the Microsoft Security Response Center, claimed the move had come “based on an assessment of the current threat landscape by our security engineers”.
He added:
“Today, as part of our regular Update Tuesday schedule, we have taken action to provide additional critical security updates to address vulnerabilities that are at heightened risk of exploitation due to past nation-state activity and disclosures. Some of the releases today are new, and some are for older platforms under custom support agreements, that we are making publicly available today. Customers with automatic updates enabled are protected and there is no additional action required. For customers managing updates, or those on older platforms, we encourage them to apply these updates as soon as possible.”
Adrienne Hall, general manager of the Cyber Defense Operations Center, claimed the patches would help organizations protect themselves from attacks with “characteristics similar to WannaCrypt” – the ransomware threat that ripped through machines globally in May, prompting Microsoft to release a patch for unsupported platforms.
She said the decision to extend that approach this month was taken due to the “elevated risk for destructive cyber-attacks” from nation states and “other copycat organizations.”
This month’s Patch Tuesday release addresses 97 CVEs, nearly double last month’s total, including 19 rated Critical, 76 rated Important and one bug each rated Moderate and Low, as well as the obligatory Adobe Flash fix.
Trustwave has listed them.
Two to watch and prioritize have been detected being exploited in the wild: CVE-2017-8543, a Windows Search vulnerability that can allow remote code execution by exploiting another SMB vulnerability; and CVE-2017-8464, a vulnerability in Windows that could allow remote code execution.
“[CVE-2017-8543] can be used in an enterprise scenario to remotely exploit systems over SMB. In this case, an attacker can remotely take control of a system without need for authentication. This is not one of the previous Eternal vulnerabilities that WannaCry and other variants took advantage of, but another SMB vulnerability that has potential to allow for another round of copycat attacks,” said Ivanti product manager Chris Goettl.
“For Microsoft to review and release several updates for ‘end of lifed’ platforms you can be sure there was good cause. For those on outdated platforms this should not be construed as the new norm. In fact, this should reinforce the need to migrate off these legacy platforms as soon as possible to avoid future risk.”