With businesses and organizations across the globe reeling from a major ransomware attack – including the NHS in the UK – Microsoft has taken the unusual step of releasing a security patch for Windows XP, some three years after support for the antiquated OS was officially stopped.
The WannaCry ransomware is currently causing a headache for IT managers at Renault in France, the NHS in the UK, Telefónica in Spain, and dozens of other companies. It works by exploiting an unpatched bug in Windows XP, the 16-year-old operating system which is still limping along in many a corporate office.
Microsoft stopped issuing global patches for XP in April 2014, though it does still provide essentially security updates for the OS to companies who stump up extra cash for the privilege. The WannaCry attack is so serious, though, Microsoft has decided to take action.
Your money or your files
“We are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003,” says Microsoft. “Customers running Windows 10 were not targeted by the attack today.”
Meanwhile the spread of WannaCry has been slowed down somewhat after a security researcher registered one of the domain names mentioned in the program’s code, the Guardian reports. The ransomware apparently doesn’t spread itself if the domain is active, which it now is – it looks like a hidden ‘kill switch’ added by the developer.
WannaCry is the latest in a long, long line of lessons to keep your software updated and patched up. The security block for this ransomware was pushed out by Microsoft back in March, but won’t have reached OSes that are no longer supported – like Windows XP.