Microsoft officially ended its support for most Windows XP computers back in 2014, but today it's delivering one more public patch for the 16-year-old OS. As described in a post on its Windows Security blog, it's taking this "highly unusual" step after customers worldwide including England's National Health Service suffered a hit from "WannaCrypt" ransomware. Microsoft patched all of its currently supported systems to fix the flaw back in March, but now there's an update available for unsupported systems too, including Windows XP, Windows 8 and Windows Server 2003, which you can grab here (note: if that link isn't working then there are direct download links available in the Security blog post).
Of course, for home users, if you're still running one of those old operating systems then yes, you should patch immediately -- and follow up with an upgrade to something current. If you're running a vulnerable system and can't install the patch for some reason, Microsoft has two pieces of advice:
- Disable SMBv1 with the steps documented at Microsoft Knowledge Base Article 2696547 and as recommended previously.
- Consider adding a rule on your router or firewall to block incoming SMB traffic on port 445
Update: Microsoft legal chief Brad Smith has written a blog post that both calls for more help from customers (read: update more often) and chastises intelligence agencies for hoarding security exploits. They don't understand the risk to the public if the exploits leak, Smith says -- it's as if someone stole a batch of Tomahawk missiles. We wouldn't count on the NSA or other agencies heeding the call, but Microsoft clearly wants to make its frustrations heard.