Microsoft, as part of their regular Update Tuesday schedule, have provided additional critical security updates to address vulnerabilities that are at heightened risk of exploitation due to past nation-state activity and disclosures.
- Microsoft Windows: XP, Vista, 7, 8, 8.1 and 10
- Microsoft Windows Server: 2003, 2008, 2008 R2, 2012, 2012 R2 and 2016
Some of the releases are new and some are for older platforms that are out of support – they are making these publicly available for the first time.
Microsoft security teams actively monitor for emerging threats to help organisations protect themselves against potential attacks. Those on older platforms (such as Windows XP) should prioritise applying these critical updates, which can be found in the Download Center (or alternatively in the Update Catalog).
The patches for out-of-support operating systems include protection against the EsteemAudit, ExplodingCan and EnglishmanDentist exploits. These exploits target flaws in the Windows Remote Desktop Protocol, IIS 6.0 and Microsoft Exchange servers.
Microsoft made the following statement:
“Our decision today to release these security updates for platforms not in extended support should not be viewed as a departure from our standard servicing policies. Based on an assessment of the current threat landscape by our security engineers, we made the decision to make updates available more broadly. As always, we recommend customers upgrade to the latest platforms. The best protection is to be on a modern, up-to-date system that incorporates the latest defense-in-depth innovations. Older systems, even if fully up-to-date, lack the latest security features and advancements.
As usual, customers on supported platforms with automatic updates enabled, like Windows 10 or Windows 8.1, are protected and do not need to take additional action.”
- Microsoft June 2017 security updates release: https://blogs.technet.microsoft.com/msrc/2017/06/13/june-2017-security-update-release/
- A detailed list of the updates released due to heightened risk can be found on Microsoft Security Advisory 4025685, along with Frequently Asked Questions
- For customers using Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8.1, Windows 8.1 RT, Windows Server 2012 R2, Windows 10, or Windows Server 2016, see Microsoft Knowledge Base article 4025686 for guidance.
- For customers using Windows XP, Windows Vista, Windows 8, Windows Server 2003, or Windows Server 2003 R2, see Microsoft Knowledge Base article 4025687 for guidance.
- For customers using Windows Embedded versions, see Microsoft Knowledge Base article 4025688 for guidance.
Computers configured with automatic updates enabled are protected and there is no additional action required.
Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.