Delivers fixes for XP, Windows 8 and Windows Server 2003 as ransomware crisis puts company in a tight PR spot Microsoft on Friday took the unprecedented step of issuing patches for long-demoted versions of Windows, including Windows XP, to immunize PCs from fast-spreading ransomware that has crippled machines worldwide. To stymie “WannaCrypt” attacks — which encrypted files on thousands of PCs used by the U.K.’s National Health Service (NHS), causing chaos in many hospitals — Microsoft published patches for Windows XP, Windows 8 and Windows Server 2003. All had been retired from support: Windows XP in April 2014, Windows 8 in June 2016, Windows Server in July 2015. “We are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003,” said Phillip Misner, a principal security group manager at the Microsoft Security Response Center (MSRM), in a post to a company blog late Friday. In fact, Microsoft has never issued security updates for software as long retired from support as Windows XP, which fell off the list more than three years ago. Microsoft had the Windows XP, 8 and Server 2003 updates already in hand — they were versions of MS17-010, a six-vulnerability fix delivered in March to newer editions, such as Windows 7 — because it offers post-retirement assistance to corporate customers under a pay-for-patches program called “Custom Support.” The WannaCrypt ransomware spreads to other Windows PCs on a network by exploiting the vulnerabilities Microsoft patched with MS17-010; the malware can also infect other systems by sniffing for vulnerable machines connected to the public Internet. After WannCrypt is installed, it encrypts data on the PC, then displays an extortion note demanding between $300 and $600 to unlock the files. “Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support,” Misner said in explaining Microsoft’s motivation. “This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind.” The fact that news reports widely cited Windows XP-powered PCs as instrumental in the worm-like spread of WannaCrypt — including in the NHS’ networks — was almost certainly a factor in Microsoft’s decision. In early 2014, prior to Windows XP’s retirement, the U.K. government contracted for one year of custom support. The Government Digital Service did not renew the contract, leaving XP machines helpless in the face of attacks after April 2015. Significant numbers of users still run Windows XP and Windows 8, two of the out-of-date versions that Microsoft updated Friday. According to analytics vendor Net Applications, 7.7% of all Windows PCs run XP and 1.7% run Windows 8. Together those editions power more than 150 million PCs worldwide. It was unclear Sunday whether Microsoft was delivering the new Windows XP, Windows 8 and Windows Server 2003 patches via the standard Windows Update maintenance service, or if users were required to manually download the appropriate fixes from the Update Catalog. Related content news analysis Apple earnings: About that iPhone 'slump' in China Based on information from Thursday's earnings report, it seems that data pointing to an iPhone slump in China were over-baked. By Jonny Evans May 03, 2024 9 mins iMac iPhone Apple news Microsoft begins to phase out ‘classic’ Teams Microsoft is encouraging Teams customers to move to the new, faster version of the collaboration app; the older version will be switched off next year. By Matthew Finnegan May 03, 2024 3 mins Microsoft Teams Collaboration Software Productivity Software news analysis Apple confirms it will open up the iPad in Europe this fall The latest efforts to comply with Europe’s Digital Markets Act mean developers can offer to side load apps to both iPhones and iPads in the EU. Apple has also taken steps to improve what it offers to smaller and non-commercial developers in the By Jonny Evans May 02, 2024 6 mins iPad Apple Mobile Apps news Udacity offers laid-off US workers free access to its courses for 30 days Sign-ups will be available over the next 30 days By Lucas Mearian May 02, 2024 4 mins Technology Industry IT Jobs IT Skills Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe