Windows XP Receives Patches for More 'Shadow Brokers' Exploits

Microsoft has released patches for Windows XP and other outdated versions of the operating system to fix several critical vulnerabilities that are at heightened risk of being exploited by state-sponsored actors and other threat groups.

The tech giant informed customers in mid-April that a series of exploits leaked by the group known as Shadow Brokers, which allegedly obtained the files from the NSA-linked Equation Group, had been patched in supported versions of Windows with the March security updates. According to some reports, the NSA itself disclosed these flaws to Microsoft following the Shadow Brokers leaks.

Roughly one month later, following the WannaCry ransomware attacks that hit hundreds of thousands of systems across the world, Microsoft decided to fix the SMB vulnerability leveraged by WannaCry in Windows platforms under custom support agreements.

The company has now decided to release more patches for these versions, including Windows XP, Windows Vista, Windows 8 and Windows Server 2003, to address other vulnerabilities that are at elevated risk of exploitation “due to past nation-state activity and disclosures.”

The list of patched flaws includes ones leveraged by three other exploits leaked by Shadow Brokers, namely EnglishmanDentist (CVE-2017-8487), EsteemAudit (CVE-2017-0176) and ExplodingCan (CVE-2017-7269).

Both supported and unsupported versions of Windows also received patches on Tuesday for two vulnerabilities, CVE-2017-8464 and CVE-2017-8543, that have been exploited in attacks by unnamed threat actors.

The list of older vulnerabilities that have now been fixed in outdated versions of Windows also includes the remote code execution flaws described in the MS17-013 bulletin, an Internet Explorer memory corruption flaw (CVE-2017-0222), several Windows SMB flaws (CVE-2017-0267 through CVE-2017-0280), an actively exploited IIS buffer overflow (CVE-2017-7269), a Windows privilege escalation issue (CVE-2017-8552), and an actively exploited Windows olecnv32.dll RCE (CVE-2017-8487).

“Our decision today to release these security updates for platforms not in extended support should not be viewed as a departure from our standard servicing policies. Based on an assessment of the current threat landscape by our security engineers, we made the decision to make updates available more broadly,” said Eric Doerr, General Manager of the Microsoft Security Response Center.

“As always, we recommend customers upgrade to the latest platforms. The best protection is to be on a modern, up-to-date system that incorporates the latest defense-in-depth innovations. Older systems, even if fully up-to-date, lack the latest security features and advancements,” Doerr added.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.