Did Microsoft Write XP Patch Months Before WannaCry?
Ashley Allen / 10 months ago
The WannaCry ransomware attack earlier this month proved to be a disaster for Windows XP users. In response, Microsoft patched its vulnerable operating systems – including XP, Windows 8 RT, and Windows Server 2003 – last week, outside of the official support window. But did Microsoft write the fixes months before WannaCry went public?
Clues in the Metadata
According to The Register, Microsoft may have written the recently-released XP updates as early as February.
The Register’s Iain Thomson reports:
“Our analysis of the metadata within these patches shows these files were built and digitally signed by Microsoft on February 11, 13 and 17, the same week it had prepared updates for its supported versions of Windows. In other words, Microsoft had fixes ready to go for its legacy systems in mid-February but only released them to the public last Friday after the world was engulfed in WannaCrypt.”
The Metadata scraped by The Register shows the following dates
- Windows XP: Feb 11, 2017
- Windows XP Embedded: Feb 17, 2017
Why Would Microsoft Not Release an Update It Has Already Written?
Well, it seems as though Microsoft did release the update, only not to the general public. While official support for Windows XP ended three years ago, a privileged few can still get updates from Microsoft. If you have the money, you can pay Microsoft for custom support for an outdated operating system. Microsoft appears to have sent the patch to its custom support customers earlier this year. After last week’s WannaCry disaster, Microsoft released the update publicly.