This is the first patch since April 2014 when XP reached EOS

May 13, 2017 11:10 GMT  ·  By

Microsoft has published an emergency update for Windows versions that are only getting custom support in order to block the ongoing attacks with the WannaCry ransomware (flagged by Microsoft as Ransom:Win32/WannaCrypt).

Windows XP, Windows 8, and Windows Server 2003 users can download the patch from the Microsoft Update Catalog, and the software giant recommends everyone to update their systems as soon as possible, given the growing number of attacks.

WannaCry infections were first spotted yesterday in Europe, with organizations in several countries, including the United Kingdom and Spain, being targeted. The British National Health Service was severely hit by the ransomware, which late on Friday started spreading across the United States as well.

The infection is based on a Windows vulnerability originally owned by the NSA and that got leaked earlier this year by hacker group Shadow Brokers. Microsoft explained that Windows versions still getting support, including here Windows 7, 8.1, and 10, with the latest updates installed and the most recent Windows Defender virus definitions, are completely secure.

Avoid opening emails from untrusted sources

On the other hand, Windows XP, Windows Server 2003, and Windows 8 are no longer supported, and they didn’t get the most recent Windows updates, so Microsoft decided to publish this emergency patch, given the scale of this attack.

“We also know that some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download,” Microsoft explained.

“This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind.”

The company goes on to state that some attacks were using phishing tactics with malicious attachments, so users should avoid opening these files, especially if they come from untrusted or unknown sources.

The emergency patch for unsupported Windows versions can be found here: Windows Server 2003 SP2 x64Windows Server 2003 SP2 x86, Windows XP SP2 x64Windows XP SP3 x86Windows XP Embedded SP3 x86Windows 8 x86, and Windows 8 x64.