Users of newer, patch-supported versions of the Windows operating system aren’t the only ones to receive security updates aimed at protecting them against ransomware attacks such as last month’s WannaCry. Citing the “elevated risk for destructive cyberattacks at this time,” Microsoft said yesterday it’s also making those updates available to customers with older versions of Windows no longer supported with regular patches.
Also known as WannaCrypt, the WannaCry ransomware attack hit computer systems around the world that are still using outdated software like Windows XP and Windows 7. Among the organizations affected were FedEx and the U.K.’s National Health Service (NHS).
‘Elevated Risk for Destructive Cyberattacks’
Microsoft made the unorthodox decision to offer security updates to users with older versions of Windows after identifying some vulnerabilities that “post elevated risk of cyber attacks by government organizations, sometimes referred to as nation-state actors or other copycat organizations,” Adrienne Hall, general manager for the company’s Cyber Defense Operations Center, said in a blog post.
Following the WannaCry attack, some researchers said North Korea was likely to blame, although officials in that country denied the allegation. The WannaCry malware took advantage of a Windows vulnerability that had been used for surveillance by the National Security Agency before the exploit was stolen and released by the Shadow Brokers hacking group in April.
“Due to the elevated risk for destructive cyber attacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt,” Hall said in her blog post. However, the best defense against such malware is to update to a new platform that’s supported with regular security updates, she added.
“It is important to note that if you’re running a supported version of Windows, such as Windows 10 or Windows…