Windows 10

Microsoft today followed May’s unprecedented release of security updates for expired operating systems, including Windows XP, by issuing another dozen patches for the aged OS.

The Redmond, Wash. company cited fears of possible attacks by “nation-states,” a label for government-sponsored hackers or foreign intelligence services, for the updates’ release. “In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyberattacks by government organizations, sometimes referred to as nation-state actors, or other copycat organizations,” said Adrianne Hall, general manager, issues and crisis management, for Microsoft.

To read this article in full or to leave a comment, please click here

A month ago, Microsoft took the unprecedented step of issuing security patches for Windows XP, an edition supposedly interred in Support Cemetery more than three years ago.

The decision to help aged personal computers running Windows XP — as well as also-retired Windows 8 and Windows Server 2003 — was intended to slow the spread of the “WannaCry” ransomware, which encrypted files on hundreds of thousands of PCs worldwide. The cyber criminals than tried to extort payments from the machines’ owners in return for unlocking the files.

To read this article in full or to leave a comment, please click here

The global WannaCry attack that started 10 days ago touched just a handful of Windows XP PCs, a security expert said Monday, contradicting the narrative that the aged OS was largely responsible for the ransomware’s crippling impact.

“There were no real WannaCry infections of Windows XP,” said Costin Raiu, director of Kaspersky Lab’s global research and analysis team, in an interview Monday. “We’ve seen only a handful of cases, less than a dozen, and it looks like most of them were testers [self-infecting systems].”

Raiu’s claim countered an assertion made by virtually every media report and blog post published after “WannaCry” emerged June 12. Countless news stories blamed Windows XP, which Microsoft retired three years ago, for falling victim to the attack because the vulnerability that WannaCry exploited had not been patched in the obsolete OS.

To read this article in full or to leave a comment, please click here

Microsoft on Friday took the unprecedented step of issuing patches for long-demoted versions of Windows, including Windows XP, to immunize PCs from fast-spreading ransomware that has crippled machines worldwide.

To stymie “WannaCrypt” attacks — which encrypted files on thousands of PCs used by the U.K.’s National Health Service (NHS), causing chaos in many hospitals — Microsoft published patches for Windows XP, Windows 8 and Windows Server 2003. All had been retired from support: Windows XP in April 2014, Windows 8 in June 2016, Windows Server in July 2015.

“We are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003,” said Phillip Misner, a principal security group manager at the Microsoft Security Response Center (MSRM), in a post to a company blog late Friday.

To read this article in full or to leave a comment, please click here

A Microsoft manager this week offered IT administrators a way to replicate — in a fashion — the security bulletins the company discarded last month.

“If you want a report summarizing today’s #MSRC security bulletins, here’s a script that uses the MSRC Portal API,” John Lambert, general manager of the Microsoft Threat Intelligence Center, said in a Tuesday message on Twitter.

Lambert’s tweet linked to code depository GitHub, where he posted a PowerShell script that polled data using a new API (application programming interface). Microsoft made the API available in November when it first announced that it planned to axe the security bulletins it had issued since at least 1998.

To read this article in full or to leave a comment, please click here

For this May Microsoft Patch Tuesday, we see Microsoft attempt to resolve 56 reported vulnerabilities in Microsoft Office, Windows, both Browsers and the .NET development platform.

Three of the vulnerabilities have been reported publicly and several have been actively exploited. Adding to an already serious situation, Microsoft’s anti-malware tool was compromised, resulting in the inadvertent deployment of malware through the anti-malware engine.

Microsoft responded very quickly with an out-of-band update (Security Advisory 4022344). Though there was general relief and kudos to Microsoft for their rapid response to this embarrassing episode, this bug was described as the “worst in recent memory” and as “crazy bad” by two of the lead researchers from Google’s Project Zero.

To read this article in full or to leave a comment, please click here