Skip to main content

Microsoft releases patch for new Wannacry-esque threat

(Image credit: Shutterstock)

Even though Microsoft's support for Windows XP ended five years ago, the company decided to issue a new security patch, to fix a potential vulnerability that could spread across the internet like wildfire.

Given that Microsoft went out of its way to patch a flaw in a long-dead operating system makes you wonder just how serious the issue is. Well, according to The Verge, it is reminiscent of WannaCry, a ransomware that took the world by storm two years ago, and whose consequences are still felt today.

It's not just Windows XP that's vulnerable. Windows 7, Windows Server 2003, Windows Server 2008 RS, as well as Windows Server 2008 have all been patched.

Unlike the others, Windows XP users will have to manually download the update from this website (opens in new tab).

“This vulnerability is pre-authentication and requires no user interaction,” says Simon Pope (opens in new tab), director of incident response at Microsoft’s Security Response Center. “In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.”

Microsoft hasn't seen this vulnerability be abused in the wild, but it can't risk waiting. The problem with the patch is that hackers can easily reverse-engineer it, meaning even if they didn't know the flaw existed – they can start abusing it now.

And given that Windows XP users can't get the patch automatically, there will still be plenty of vulnerable machines out there.

The good news in all of this is that Windows 10, which is safe from this flaw, is the world's most used Windows operating system.

Image Credit: Shutterstock

Sead Fadilpašić
Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.