In a rare move, Microsoft released a security patch for Windows XP and Server 2003 for the second time in as many months. This is rare, as Microsoft typically won’t release any updates after the company has announced the end of life for a product. Windows XP reached end of life on April 8th, 2014 and Server 2003 hit it on July 14, 2015. Being this far away from when Microsoft has promised that it will no longer release any updates, and having 2 updates in the last couple of months means that there was definitely something very wrong with the operating systems.
The main catalyst for these updates was the WannaCry attack that occurred last month. WannaCry exploited some vulnerabilities that were discovered from some leaked NSA information. The data showed the vulnerabilities in the operating systems, and attackers were quick to make use of the information. Microsoft is now cleaning up the known security holes in XP and Server 2003 that weren’t fixed before, but was already fixed in Windows 7 and later.
Many people are reluctant to upgrade their operating system for a number of reasons. One of the main ones being proprietary software they use for their business that has not been updated to work on a newer OS. The importance of upgrading, especially when an OS has reached its end of life can not be stressed enough. When regular security patches are not being released, you open yourself and your company up to attacks that exploit known issues within the OS. Microsoft is truly going above and beyond to help out companies that are still holding out on upgrading. I wouldn’t count on it continuing much longer though.