Microsoft has recently issued another surprise patch to help protect the surprisingly large Windows XP user base. In this case, the patch is aimed at addressing security flaws used by the NSA and other nation-state hackers. This is on the heels of an out-of-band emergency patch in response to the global “Wannacry” ransomware attack.
What makes this remarkable is the fact that Microsoft formally ended support for the XP platform in 2014.
Most people who aren’t intimately connected to the world of data security don’t know much about recent nation-state hacking tools and methodologies, and that’s probably a good thing. State actors have deep pockets and virtually unlimited ability to hire the best talent and stay focused on a single goal for years at a time.
Nation-states were relatively slow to embrace cyberwarfare, but they’ve been playing catch up for years and have now taken the lead. They have developed some of the most devastating tools seen in the wild today.
Just to cite one example, consider Stuxnet. While no one knows exactly where this nasty worm came from, the best information we have is that it was a joint venture developed by the NSA and Israeli security.
It was developed in order to stop Iran’s nuclear program. Unlike other worms that target highly advanced and secure devices like PCs and smartphones, Stuxnet was designed to target much simpler computers used as control systems for industrial equipment.
In the case of Iran, it was used to target the nation’s centrifuges, which are an integral part of their nuclear program. Once infected, the worm would disrupt their normal function while displaying information to the techs monitoring it that everything was okay, resulting in an inevitable explosion.
The attack was devastatingly effective in the short term, and was responsible for the destruction of nearly 40 percent of Iran’s centrifuges.
It can also be used to attack power stations, rail road switching stations, signal lights and the like, and it could easily be used to wreak havoc on any developed nation.
Of course, in addition to doing all those things, the worm and others like it can be turned on more traditional devices, thus the need for an update, even though support has officially ended for the venerable OS.
The patch certainly isn’t perfect or fool proof, but it will undoubtedly help make computers using XP safer and more secure until their owners can upgrade to a more modern, robust operating system.