Microsoft releases unusual patches for Windows Server 2003 and Windows XP
With an unusual move, Microsoft released on May critical patches for Windows Server 2003 and Windows XP. Such operating systems are long been discontinued and they don’t usually receive patches and updates besides eventual special agreements that could have been signed by customers. However, even in the past when WannaCry ransomware had been spreading in the wild and it was compromising several thousands of machines Microsoft released special patches for such old software. This time the new patches address vulnerabilities that would allow remote execution code and thus they have been deemed as critical. The flaws affect Remote Desktop Protocol (RDP) and could be mitigated by enabling NLA, a configuration that would require an user to authenticate before being able to connect to the machine. That would probably render the vulnerability uneffective. Enabling NLA for RDP connections has been long considered a must-have configuration and it is believed that most machines nowadays use such configuration.
In the meantime, Windows Server 2003 and Windows XP machines can install the new patch and users can visit this URL to get more information.