Microsoft has released several critical security updates to protect against widespread hacking, citing an “elevated risk of cyber attacks.” These patches could help prevent another global ransomware outbreak like last month’s WannaCry.
“In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyber attacks by government organizations, sometimes referred to as nation-state actors or other copycat organizations,” Adrienne Hall, General Manager of Microsoft’s Cyber Defense Operations Center, said in a blog post.
The WannaCry ransomware attack targeted hundreds of thousands of machines around the world, locking computers unless victims paid a ransom in Bitcoin. The ransomware spread through a flaw in Windows that was leaked as part of a trove of hacking tools believed to belong to the NSA.
At the time, Microsoft released updates for software it no longer supports, which was an unexpected move.
On Tuesday, the company once again issued updates for old, outdated systems.
It’s unclear whether Microsoft has been warned of another cyberattack using similar exploits that WannaCry leveraged. A Microsoft spokesperson told CNN Tech that security teams are actively monitoring cyberthreats, and the decision to release Tuesday’s updates is “an exception based on the current threat landscape and the potential impact to customers and their businesses.”
Security experts have said there are similarities between the code used in the WannaCry attack and a hacking group linked to North Korea.
Tuesday’s security update includes patches to its Windows XP, Windows Vista, and Server 2003 products, which are unsupported but still widely-used. These patches must be installed manually. Updates will be automatically available for Windows 10, Windows 8.1, Windows 7 and Windows Server releases after 2008. Microsoft suggests customers enable Windows Update if they haven’t already.
Microsoft distributed the updates in addition to this month’s “Patch Tuesday,” the security updates Microsoft rolls out each month.
Part of the reason why WannaCry was so successful was because many of the facilities attacked — like hospitals and businesses — had not updated their software to patch the holes.