Versions of Windows aren't supported forever. Microsoft stopped releasing updates for Windows XP in 2014, for example, and other versions of the operating system have also been dropped to let the company focus on their modern descendants (and encourage laggards to upgrade). Yet that didn't stop Microsoft from releasing a critical security fix that should offer Windows XP, Windows 8, and Windows Server 2003, among others, the same protections as their Windows 10 counterparts.
Microsoft reached that decision after the WannaCry ransomware spread across the world late last week. The ransomware spread by exploiting a vulnerability that was patched in recent versions of Windows (7, 8.1, 10, Server 2012, etc.) back in March. However, the vulnerability was still present in many devices, whether it was because they disabled automatic security updates or because the devices relied on unsupported Windows products.
As we pointed out today, some of the affected organizations simply can't use new versions of Windows because they rely on legacy software or fear that patches will create problems with critical devices. Continuing to use Windows XP three years after Microsoft stopped officially updating it creates security problems, sure, but it could also mean that hospitals and large businesses are able to use life-saving or mission-critical apps.
"This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind," Microsoft Security Response Center principal security group manager Phillip Misner said in the update's announcement.
With this update, Microsoft responded to the world as it is, not the world as the company wants it to be. In an ideal world, every individual and organization would use the most recent versions of all their software to defend against known vulnerabilities like those exploited by WannaCry. But this isn't an ideal world. People still use Windows XP and Windows 8 and Windows Server 2003. It's better to fix a problem as critical as this one than to chide everyone for using old versions of Windows, even if they're only doing so because critical legacy software doesn't support Windows 10.
You can learn more about the vulnerability patched with these updates, MS17-010, on Microsoft's website. Download links for old versions of Windows can be found in Microsoft's blog post. Misner said the company is "working with customers to provide additional assistance as this situation evolves, and will update this blog with details as appropriate."