Last month when Microsoft issued security patches because of the WannaCrypt Ransomware that was targeting systems around the world they included patches for Windows XP and Vista - both versions of the Windows operating system that are no longer supported by the company.
At that time coverage of those security patches called the release for the older OS's unprecedented because once an operating system drops out of official support the company does not typically issue any kind of updates for them.
Well this month Microsoft is once again making security patches available for these unsupported OS's because of another serious security threat from nation-state actors the company has been made aware of which impacts current and unsuppoprted versions of Windows.
I guess we can no longer describe these updates as unprecedented because this is now two months in a row that Microsoft has released patches to address a security threat on older systems and that my friends is called precedence.
Don't get me wrong, I think this is good corporate responsibility from Microsoft. However, where do you draw the line on what is serious and what is not when it comes to security threats? Technically, any security threat is serious when it comes to the protection of resources, data, and the hardware which handles that information. So are we seeing this new precedence that Microsoft will patch any and all security threats to all versions of Windows that are in use or will this all end with the latest updates this month?
Unfortunately for Microsoft this is not a Win-Win situation. The first time they do not patch a security related issue in these unsupported operating systems they will be criticized for not doing so - especially if it impacts consumers.
Microsoft normally supports their operating systems for ten years. That consists of a five year period called Mainstream Support and then a follow on period of five more years for just security related updates. In the case of Windows XP it had almost 14 years of support and that happened because so many users were still on the OS and did not upgrade to Windows Vista or its successor Windows 7.
Whatever your reasoning for not getting off these unsupported systems, you need to take a serious look at the risks you are putting you and your data in these days because the threat landscape is much larger than it was in the days of XP and Vista. On top of that, those OS's are anything from modern and can not take advantage of the new technologies, including enhanced security features, that are available these days. Who wants to have that kind of limited computing experience anyway?
For those who would argue that Microsoft will now always patch these types of severe threats on unsupported OS's or that this means XP and Vista are now being officially supported once again - I would venture to say you are mistaken. The occasional release of security patches does not equal a supported OS - not even close.
Some have argued this week that these types of patches for unsupported OS's will prompt users to not upgrade from Windows 7 when its extended support period ends in January 2020. While that is certainly a possibility, I have always believed there will be those on Windows 7 that will not upgrade to Windows 10 no matter what, are you willing to put everything on the line to risk your personal information and possibly business/customer data on an outdated system?
Bottom line is users, both consumers and enterprise, who are still using outdated systems for some reason need to hunker down and figure out a plan for migrating from those security threats that are sitting right inside your home or office.
Otherwise you are putting others at risk because your system has the potential to impact others by spreading malicious software since it is not patched or built to deal with these modern threats. Honestly, when it comes to security this is a no-brainer. Get upgraded to a modern OS, whether it is Windows or something else, so that you are ready for these security issues because they are not going to stop anytime soon.