Also known as WannaCrypt, the WannaCry ransomware attack hit computer systems around the world that are still using outdated software like Windows XP and Windows 7.
Microsoft made the unorthodox decision to offer security updates to users with older versions of Windows after identifying some vulnerabilities that “pose elevated risk of cyber attacks by government organizations, sometimes referred to as nation-state actors or other copycat organizations,” Adrienne Hall, general manager for the company’s Cyber Defense Operations Center, said in a blog post.
Following the WannaCry attack, some researchers said North Korea was likely to blame, although officials in that country denied the allegation. The WannaCry malware took advantage of a Windows vulnerability that had been used for surveillance by the National Security Agency before the exploit was stolen and released by the Shadow Brokers hacking group in April.
“Due to the elevated risk for destructive cyber attacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt,” Hall said in her blog post. However, the best defense against such malware is to update to a new platform that’s supported with regular security updates, she added.
“It is important to note that if you’re running a supported version of Windows, such as Windows 10 or Windows 8.1, and you have Windows Update enabled, you don’t need to take any action,” Hall said. “Older systems, even if fully up-to-date, lack the latest security features and advancements.”
The decision to offer updates for unsupported software “should not be viewed as a departure from our standard services policies,” Eric Doerr, general manager of the Microsoft Security Response Center, said in a separate post on Microsoft’s TechNet site.