During the WannaCry ransomware attacks, Microsoft faced criticism for not providing free custom support for critical vulnerabilities affecting older operating systems. Microsoft eventually rolled out a free patch for all operating systems with vulnerabilities that could be exploited by the ransomware, but the damage was already done. Microsoft has custom support agreements to continue providing security updates to older operating systems, but the latest rollout of security fixes is available for free to all users.
According to Microsoft, the security patch is a precaution against potentially state-sponsored threat actors who can take over systems using strategies similar to the WannaCry attacks. The patch fixes fourteen critical vulnerabilities in the affected operating systems. The vulnerabilities could allow remote code execution, escalation of privilege, or memory corruption on the systems. The vulnerabilities affect Windows XP and newer operating systems.
Those who have Windows 8.1 or Windows 10 running with updates enabled do not have to take any action to get the latest security patch. Those running older operating systems can find details on the patch, and how to install it, in Microsoft Security Advisory 4025685. Microsoft has indicated that the rollout of the patch to users of all operating systems, irrespective of custom service agreements, should not be seen as a departure from the norm.