Microsoft has presented new patches for Windows XP and has warned about destructive attacks
June «Tuesday of updatings» has brought patches not only for supported operating systems of family Windows, but also for such "out-of-date" products, as Windows XP and Windows Server 2003.
Experts of company Microsoft have published in an official blog at once two messages in which have warned the companies and simple users about potential activity «the governmental hackers» who can initiate «destructive cyberattacks».
The event is direct continuation of epidemic WannaCry from which last month have suffered hundred thousand organisations and private persons worldwide. Considering criticality of a situation, in May, 2017 engineers Microsoft have presented emergency patches for not supported OS: Windows XP, Windows 8 and Windows Server 2003. Then the company has closed vulnerability which exploits ETERNALBLUE and DOUBLEPULSAR with which help extended WannaCry used.
However, many experts of information security, warned that Microsoft has eliminated not all problems. So, without corrections became vulnerability which maintain tools ESTEEMAUDIT (RDP), ENGLISHMANSDENTIST (Outlook) and EXPLODINGCAN (IIS 6.0). Experts of the company enSilo even have written own version of a patch for Windows XP and Windows Server 2003, being afraid of repetition of incident with WannaCry.
I will remind that the tools set forth above have been stolen at a NSA in 2016. The group of the hackers naming The Shadow Brokers, long time tried to sell "cyberweapon" which has fallen into in their hands and when to find the buyer it was not possible, in April, 2017 the grouping has published the stolen data absolutely free of charge, in open access.
Now, as a part of June «Tuesday of updatings» company Microsoft has officially eliminated vulnerability which maintain ESTEEMAUDIT, ENGLISHMANSDENTIST and EXPLODINGCAN.
Patches for Windows XP and Windows Server 2003 are already accessible, links can be found more low.
| CVE | KB the identifier | ||
| All CVE from MS17-013 | KB4012583 | ||
| CVE-2017-0176 [ESTEEMAUDIT] | KB4022747 | ||
| CVE-2017-0222 | KB4018271 | ||
| CVE-2017-0267 to 0280 | KB4018466 | ||
| CVE-2017-7269 [EXPLODINGCAN] | KB3197835 | ||
| CVE-2017-8461 | KB4024323 | ||
| CVE-2017-8487 [ENGLISHMANSDENTIST] | KB4025218 | ||
| CVE-2017-8543 | KB4024402 | ||
| CVE-2017-8552 | KB4019204 | ||
