[German]Microsoft has also released five critical security updates for Windows XP/ Server 2003 and Windows XP embedded on June 13, 2017. [Article has been rewritten and extended after initial release.}
Updates for Windows XP/Server 2003
Although Windows XP/Windows Server 2003 are out of support since years, Microsoft decided, to release security updates for both operating systems. Microsoft says in a MSRT blog post:
Today, as part of our regular Update Tuesday schedule, we have taken action to provide additional critical security updates to address vulnerabilities that are at heightened risk of exploitation due to past nation-state activity and disclosures. Some of the releases today are new, and some are for older platforms under custom support agreements, that we are making publicly available today. Customers with automatic updates enabled are protected and there is no additional action required. For customers managing updates, or those on older platforms, we encourage them to apply these updates as soon as possible.
Also Adrienne Hall, General Manager Crisis Management at Microsoft has issued the following statement.
In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyberattacks by government organizations, sometimes referred to as nation-state actors, or other copycat organizations. To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available to all customers, including those using older versions of Windows.
Both sources are saying: Microsoft's decision today to release these security updates for platforms not in extended support should not be viewed as a departure from our standard servicing policies. Based on an assessment of the current threat landscape by our security engineers, we made the decision to make updates available more broadly.
Microsoft hasn't published details about KB4024323, which is offered for Windows XP/ Server 20 and Windows XP Embedded. Microsoft's Update Catalog says:
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.
The document Microsoft security advisory 4025685: Guidance for older platforms: June 13, 2017 gives more detail. The update addresses security advisory CVE-2017-7269 (Windows RPC remote code execution vulnerability). Because these older Windows versions are out of ordinary support since years, the patches are available via Microsoft Update Catalog or from Microsoft Download Center.
Windows Server 2003 (x86): Download (removed)
Windows Server 2003 (x64): Download (removed)
Windows XP (x86): Download (removed)
Windows XP (x64): Download (removed)
Windows XP Embedded: Download (removed)
This Update for Windows XP SP3 and Windows Server 2003 addresses security advisory MS10-061 (Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290)). The update packages may be found within Microsoft Update Catalog.
This Update for Windows XP SP3 and Windows Server 2003 addresses security advisory MS17-010 (Security Update for Microsoft Windows SMB Server (4013389)). The update packages may be found in Download Center:
Update KB958644 for Windows XP SP3 and Windows Server 2003 addresses security advisory MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution (958644)). The update packages may be found in Download Center:
Update KB958644 for Windows XP SP3 and Windows Server 2003 addresses security advisory MS17-013 (Security Update for Microsoft Graphics Component (4013075)). The update packages may be found in Download Center:
More security updates for Windows XP/Server 2003
Document Microsoft security advisory 4025685: Guidance for older platforms: June 13, 2017 contains sections 'Older platforms table x of 3'. This table offers additional security updates for Windows XP and Windows Server 2003. Here are a compressed list of further updates.
Cookies helps to fund this blog: Cookie settings