Microsoft Issues Rare Windows XP Patch Following Global WannaCrypt Ransomware Outbreak

Microsoft stopped supporting Windows XP several years ago, though because some users and businesses (including government agencies) are still clinging to the legacy operating system, it has been known to release patches for more serious security threats. It does not happen often, but it does happen. Case in point, Microsoft has issued a security patch to protect Windows XP systems from the WannaCrypt ransomware that is spreading across the globe.

Also known as WannaCry, WCry, and a handful of other names, WannaCrypt is believed to be one of the cybersecurity tools a hacking group pilfered from the National Security Agency (NSA) and leaked to the web. What makes this bit of ransomware particularly nasty is that it exploits a Windows vulnerability dubbed EternalBlue to spread across networks in a worm-like fashion.

Many of the targets are running older versions of Windows, including Windows XP, Windows 8, and Windows Server 2003. Companies that still rely on a legacy version of Windows can pay Microsoft a subscription fee to continue receiving custom support and patches, but in this case Microsoft made the decision to issue a patch for all Windows XP setups.

"Today many of our customers around the world and the critical systems they depend on were victims of malicious 'WannaCrypt' software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers," Microsoft stated in a blog post.

Later on in the blog post, Microsoft said its decision "was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind."

WannaCrypt is said to have spread to tens of thousands of systems across dozens of countries in just the first few hours. Many of the targets included hospitals in the UK, some of which had to turn away patients. As files became encrypted, doctors and staff found themselves locked out of their computers and unable to access patient data.