Did Microsoft Write XP Patch Months Before WannaCry?


The WannaCry ransomware attack earlier this month proved to be a disaster for Windows XP users. In response, Microsoft patched its vulnerable operating systems – including XP, Windows 8 RT, and Windows Server 2003 – last week, outside of the official support window. But did Microsoft write the fixes months before WannaCry went public?

Clues in the Metadata

According to The Register, Microsoft may have written the recently-released XP updates as early as February.

The Register’s Iain Thomson reports:

“Our analysis of the metadata within these patches shows these files were built and digitally signed by Microsoft on February 11, 13 and 17, the same week it had prepared updates for its supported versions of Windows. In other words, Microsoft had fixes ready to go for its legacy systems in mid-February but only released them to the public last Friday after the world was engulfed in WannaCrypt.”

The metadata scraped by The Register shows the following dates:

  • Windows XP: Feb 11, 2017
  • Windows XP Embedded: Feb 17, 2017

Why Would Microsoft Not Release an Update It Has Already Written?

Well, it seems as though Microsoft did release the update, only not to the general public. While official support for Windows XP ended three years ago, a privileged few can still get updates from Microsoft. If you have the money, you can pay Microsoft for custom support for an outdated operating system. Microsoft appears to have sent the patch to its custom support customers earlier this year. After last week’s WannaCry disaster, Microsoft released the update publicly.



Comments

7 Responses to “Did Microsoft Write XP Patch Months Before WannaCry?”
  1. Glyn Davies says:

    And the point is?

  2. Scott Elsdon says:

    Microsoft officially ended its support for those systems; anyone who pays for them can subscribe to the extended support model. Yes, Microsoft writes patches for those systems, however you need to pay to get them. All they did was make one of those patches available to the world. No mystery, no hidden agenda. Do some research before writing pap.

    • Stijn de Witt says:

      But they are charging top dollar for fixes to mistakes they made themselves. So the more mistakes they make, the more fixes they can sell. There is something very wrong with such a business model.

      • Scott Elsdon says:

        So they should support an archaic operating system ad infinitum. In the year 2070, when quantum computers are in vogue and artificial intelligence can crack 256 cipher blocks, should they still be offering patches for XP? The thing is dead. Get off it, move on.

        • Stijn de Witt says:

          No, they should either *really* stop support, or give it to all customers.

          What they are doing now is they still write the patch, but only give it to you if you pay through the nose for it. They are making more costs by having to differentiate between customers with and without a support contract. They make these costs so they can create a ‘market’ for security patches.

          I would support a law that puts a mandatory support term on consumer targeted software and that explicitly forbids charging money for security fixes.

          • Scott Elsdon says:

            But they aren't, they are giving these away for free now. How many Server 2003 and XP, Vista and Win 8 patches have they given away for free because there is a serious issue in the wild? 8, 9 in the last 30 days? TBH I’d be pissed if I'd paid MS $120k US for support only to find them handing out this to everyone afterwards.

          • Stijn de Witt says:

            Yeah but they waited long enough for the WannaCry ransomware to be released first, creating millions of dollars of damage. MS actually had to spend money to prevent the patch just being released to everyone the first time round.

            “I’d be pissed if I'd paid MS $120k US for support only to find them handing out this to everyone afterwards.”

            Jealousy? Why would you care?

            Personally, I am pissed that the biggest customers for this ‘service’ by Microsoft are governments, hospitals etc. So public organisations spending public funds.
