Patch Your PC: Yet Another Massive Exploit Discovered

By John Lister

Microsoft has issued three updates to fix flaws in older, unsupported versions of Windows. It's an unusual move that follows the discovery that both the National Security Agency (NSA) and outside hackers are exploiting the flaws, which are similar to the one that allowed the WannaCry ransomware worm to spread just a few weeks ago.

The updates cover both Windows and Windows Server editions going right back to XP. They'll be issued through the usual automated updates, which means people on Windows 8.1 and later shouldn't need to do anything. Those on earlier systems may need to manually download and install the updates if they have previously switched off automatic updates or are using older editions that are no longer supported.

Update Follows WannaCry Attacks

Issuing patches for software such as Windows XP, which is long out of its support cycle, is not something Microsoft expected to be doing in 2017. This is the second time this year it has been forced to do so, following the discovery of the vulnerabilities that led to the "WannaCry" (or "WannaCrypt") ransomware attack, which put hundreds of thousands of computers out of action worldwide, most notably in the United Kingdom's health service network.

According to Microsoft, this isn't a change in its standard policy. Instead this is an exceptional move that it made because the bugs in question are "at heightened risk of exploitation due to past nation-state activity and disclosures." It adds that this risk includes "potential attacks with characteristics similar to WannaCrypt." (Source: windows.com)

NSA Breach May Be Factor

Usually the term "nation-state activity" would suggest a foreign government trying to spy on an enemy. In this case it appears the nation in question might actually be the US, with the National Security Agency discovering and exploiting the bugs as part of its cyber surveillance work, only to be breached itself, putting the details of the bugs into the hands of hackers.

Issuing special security updates for Windows XP does not mean it's safe to stick with the old system on the assumption that Microsoft will always patch the "most serious" bugs. Security experts point out that any unpatched computer can easily be exposed to malware that is just as damaging as WannaCry. That said, WannaCry spread as fast as it did because all Windows systems were vulnerable to attack at the same time, which made the strike especially easy. (Source: zdnet.com)

How to Patch Your System

If your system is still supported with security updates, you can use Windows Update to download the security patches - but ONLY if your Windows Update is working properly (here's how to know). For systems that are no longer supported, or if your Windows Update is broken, you may need to download the patches manually, as described next.

Manually updating:

For customers using Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8.1, Windows 8.1 RT, Windows Server 2012 R2, Windows 10, or Windows Server 2016, refer to Microsoft Knowledge Base Article 4025686 and download all the patches that pertain to your operating system.

For customers using Windows XP, Windows Vista, Windows 8 (not Windows 8.1), Windows Server 2003, or Windows Server 2003 R2, refer to Microsoft Knowledge Base Article 4025687 and download all the patches that pertain to your operating system.
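Once the patches from those Knowledge Base tables are installed, it is worth confirming that Windows actually reports them as present rather than trusting the installer's success message. The following PowerShell script is an added example and is not part of the article or of Microsoft's instructions. It assumes Windows PowerShell 2.0 or later is available (on XP SP3 it must be installed separately) and, by default, checks the four per-patch KB numbers that the final comment on this page lists under "Windows XP Service Pack 3" in Article 4025687 (958644, 2347290, 4012598, 4012583); pass the numbers for your own edition with -RequiredKBs. Note that 4025686 and 4025687 are the index articles, not installable patches, so they will never show up in Get-HotFix.

```powershell
# Added example (not the article's own instructions): verify that a list of
# per-patch KB numbers from the KB4025686 / KB4025687 tables is installed,
# and report the state of the Windows Update service.
# Default KB list: the four "Windows XP Service Pack 3" links quoted in the
# page's final comment. Substitute the IDs for your own edition.
# Get-WmiObject is used instead of Get-CimInstance so the script also runs
# on PowerShell 2.0 (the newest version available for XP SP3 and Vista).

param(
    [string[]]$RequiredKBs = @('958644', '2347290', '4012598', '4012583')
)

# Report the OS so the reader can match it against the right KB table.
$os = Get-WmiObject -Class Win32_OperatingSystem
Write-Host ("OS: {0} SP{1} (build {2})" -f $os.Caption, $os.ServicePackMajorVersion, $os.BuildNumber)

# Get-HotFix reports IDs as "KBnnnnnn"; strip the prefix for comparison.
$installed = Get-HotFix | ForEach-Object { $_.HotFixID -replace '^KB', '' }

$missing = @()
foreach ($kb in $RequiredKBs) {
    if ($installed -contains $kb) {
        Write-Host ("  [OK]      KB{0}" -f $kb)
    } else {
        Write-Host ("  [MISSING] KB{0}" -f $kb)
        $missing += $kb
    }
}

# Caveat: on Windows 8.1 / 10 a later cumulative update supersedes earlier
# KBs and Get-HotFix shows only the cumulative update's own ID, so MISSING
# there means "check the superseding update", not necessarily "unpatched".
# On XP / Vista / 7, hotfixes keep their own IDs and MISSING is reliable.

# Windows Update service state (State/StartMode come from Win32_Service,
# which works on every PowerShell version the script targets).
$wu = Get-WmiObject -Class Win32_Service -Filter "Name='wuauserv'"
if ($wu -eq $null) {
    Write-Host "Windows Update service (wuauserv) not present on this system"
} else {
    Write-Host ("Windows Update service: {0}, start mode {1}" -f $wu.State, $wu.StartMode)
}

if ($missing.Count -gt 0) {
    Write-Host ("{0} required KB(s) not reported as installed: {1}" -f $missing.Count, ($missing -join ', '))
    exit 1
}
Write-Host "All required KBs reported as installed."
exit 0
```

Save it as, for example, Check-KBs.ps1 (a name chosen for this example) and run it from a PowerShell prompt; a non-zero exit code means at least one listed KB was not found, which makes the script easy to drop into a login script or monitoring job on a fleet of older machines.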

Yet Another Option: Upgrade to Windows 10 - FOR FREE

Here's something most people don't know: you can upgrade to Windows 10 ABSOLUTELY FREE, without paying and without ever entering an activation license. That said, certain parts of Windows 10 will be locked (personalizing the desktop with a background, for example) and your desktop will be watermarked as "not activated" unless you pay for activation. That should not be a problem for most people, considering that the operating system is secure and updated regularly.

If you're still running Windows XP or Vista and your hardware is supported by Windows 10, now is the time to upgrade! A brief rundown of what is required: check whether your hardware is supported; if so, create a disk image backup of the system, download the Windows 10 ISO, burn it to DVD or a USB thumb drive, format the C drive and install Windows 10 clean, restore your user data from the disk image backup, reset permissions on the user data, reinstall your programs, install Windows 10 anti-spy program(s), a new start menu, etc. For most people this won't be an easy task in and of itself; as such, you are welcome to contact Dennis for remote desktop support and he can manage the entire process for you, as described next.

Additional 1-on-1 Support: From Dennis

If your Windows Update is broken and you need help fixing it, or if you're using an unsupported / outdated version of Windows and wish to upgrade to Windows 10 - for free - I can manage the entire thing for you using my remote desktop support service. Simply contact me, briefly describing the issue and I will get back to you as soon as possible.

What's Your Opinion?

Has Microsoft got the right balance of patching XP to mitigate the worst bugs while still encouraging people to upgrade? Do you know of anyone still on XP and are they aware of the risks? Should people running older, insecure software be left to it, or does it pose too much risk to other computer users through spreading malware?


Comments

Dennis Faas:

Although some people will disagree, I am glad Microsoft forces Windows Updates on its users beginning with Windows 10 for reasons described in this article. There is no reason to not install updates, especially if you make disk image backups of the OS regularly. This is the only way to properly stay patched all of the time. If you get a bad patch or if the OS goes corrupt - simply revert the disk image backup. It is not difficult to do! Also, if you keep your user data and the OS separate on different partitions, the entire backup and restoring becomes a whole lot easier to manage, because the backups will be much, much smaller and the time to restore much, much less. If anyone needs help with disk image backups, a broken Windows Update, or even upgrading to Windows 10 - I am more than happy to assist you via remote desktop - just send me a message!

ecash:

I really do..
The first time you set them up, they take TIME, LOTS OF TIME..
Even an incremental update can be a problem. As you SHOULD have 3-4 of them. As you could CATCH and Carry and SAVE a virus/bot/crap/infection WITH your backup.. And each should be more than 1-2 weeks' separation.
Then there is the OLD, MS screw'd it up again thing..

But MS has Almost made it hard NOT to do Updates. It's best to keep them up. But ALWAYS BACKUP DATA..never think your computer is a Safe place to keep WHAT you want permanent.

Picture/music/Documents..SAVE them OFF your computer.
1 Virus hit, 1 Electrical Failure, 1 fire, 1 FLOOD, 1 computer failure...1 Theft..and it's all gone.

nospam_5346:

I used to do all of the updates and then Microsoft loaded my Windows 7 with all of the Windows 10 telemetry updates. I blocked them with WinPrivacy, but noticed that they were trying to phone home a couple of hundred times in a two to three week period.

So, I hunted down all of the telemetry updates and uninstalled them. But, I had to continually hide them again and again as Microsoft kept trying to reinstall them.

Then they changed to rollup updates, where you can't pick and choose which updates to install, and not knowing whether any particular update contained all of those telemetry updates, I've stopped updating Windows from Windows Update and hide all of the rollup updates.

I do, however, go to Windows Catalogue and download the security only updates.

If only I could trust Microsoft not to slip all of those Windows 10 telemetry updates onto my system, it would make my life a lot easier. But experience has shown, with the same update showing up multiple times after being hidden, that they can't be trusted.

ecash:

See,
I look around win10 and find all these OTHER things that are on tablets and phones, and ASK why me?
WHY GPS, Tablet mode, Contacts lists...
THIS IS NOT A TABLET/PHONE..

I could probably find a program to CUT some of these features..But wouldn't you THINK.. that an INSTALL would search..not find..not install?? THEN win-apps..Compared to any other service, IT'S LACKING even the basics..System and fan monitors, Network monitors..
And when win7 then win8 CHANGED how it does the Win10 APPS idea..they all had a way to add interesting features..and NOW you have to backdoor some of them to get them back..I'm starting to feel like an ALPHA tester..

AND for the mobile fone design...WHERE IS THE NOTIFICATION that Windows is updating??
HATE playing something and things Go to SLOW MODE..

blueboxer2:

I tried to follow your instructions and went to Windows Support. In the search box I entered KB4025686 which elicited a number of suggestions, including "Windows XP in 4025686 in windows xp" which I clicked on. I was then presented with a list of items pertaining to updates to everything from Windows 10 back. (Well, there were no Win9x or 3.1.1 updates) and a report of north of 102,000 items found.

I did not find this particularly helpful. I would welcome more precise advice.

When I could still travel, I used the old Win XP Pro computer to handle my internet needs, which it did satisfactorily, and if it was stolen, well I had a newer one. It still can be fun for classic games occasionally and there are some old programs on it that do things I want done adequately and have no current counterparts. No doubt sometime I will dump an image to an external USB drive and convert the computer to Linux. I suspect the learning curve will be no worse than Windows 10 and the malware vulnerability far less, with no snooping. If there is anything in Windows 10 I need or want I haven't heard about it yet.

But meantime I don't want to risk becoming a spreader of nasties around the net, if only I can find instructions to get the update. Any ideas, anyone?

Dennis Faas:

I don't know why you're entering KB #'s in a search engine, as that is not part of the instructions in the article. To find the necessary Windows XP KB's to patch your system: click the link provided in the article (https://support.microsoft.com/help/4025687), then find where it says "Older platforms table 1 of 3" on the page, then click on all the links in the table (from left to right) that pertain to your system. Example: under the heading "Windows XP Service Pack 3" there are the following links: 958644, 2347290, 4012598, and 4012583. Click those links, and download those KB's if they pertain to your system.