While security updates from Microsoft are routine, the company's decision to issue patches for older versions of Windows points to an open vulnerability that could have major repercussions.
This week Microsoft issued an update for Windows 7, Windows Server 2008 and Windows Server 2008 R2 to protect against a potential widespread cyber-attack. The company issued an urgent warning to users of these versions of Windows as it pushed out a patch for a high-severity vulnerability affecting Remote Desktop Services.
What was shocking was that the tech giant also fixed the bug for operating systems that no longer receive support updates. These include Windows XP and Windows 2003. Experts say the decision to patch these older versions suggests that this could be a second WannaCry situation, where an exploit on a global scale is possible.
To date, WannaCry has been the worst of the cyber-attacks, terrorizing organizations around the world in May 2017. This ransomware attack encrypted files on the infected machines, and hackers demanded that victims pay a ransom to regain access to the information. It affected as many as a million systems and extracted thousands of dollars from victims.
Experts in favor of Microsoft argue that the attack was entirely avoidable, as Microsoft had issued a security patch almost two months before the attack, but users did not apply the critical update. With a security update of this level coming again, there is a possibility of the same thing happening again.
Industrial cybersecurity experts point to the situation of industries that need their systems running 24/7. They believe that companies such as oil refineries or electricity generation companies cannot apply the updates because they cannot stop operations. Research from CyberX, a cybersecurity platform, suggests that out of the 850 operational technology networks it observed, 53% of industrial sites still run on unsupported versions of Windows.
Research also suggests that even with automatic updates available, it is not possible to stay on top of security patches. A survey by Google in 2015 found that over 30% of security professionals do not keep their systems updated.
Windows XP users will have to download the latest update manually. Experts suggest Microsoft be more public about these updates and send advance notice this time to avoid a sequel to the WannaCry attack.