Windows XP PSA: There's a huge, unusual security update you need to install

Windows XP users are being warned to update their PCs, after Microsoft spotted "elevated risk" of cyberattacks from WannaCrypt-style malware. The update, which is being pushed out today as part of the company's regular Update Tuesday service, is unusual because Windows XP is officially no longer among the operating systems that Microsoft supports. In fact, Microsoft put Windows XP out to pasture back in April 2014.

At the time, the recommendation was to upgrade to a more recent version of Windows, which would still be eligible for regular updates. Of course, that doesn't always happen, and there are plenty of PCs out there still running the old software. Now, that decision could be coming back to haunt their owners.

In a statement today, Microsoft confirmed it was including Windows XP in the usual batch of Update Tuesday patches. That's normally reserved for Windows 10 and Windows 8.1 machines; indeed, users of systems with those installed don't need to be concerned by today's warning. They'll already have the patch in question loaded automatically.

Those running Windows XP, however, won't. Though Microsoft released the patch last month, hoping to cut down the number of legacy PCs vulnerable to – and thus potentially helping the spread of – WannaCry malware, it was an optional installation. Without it, infected computers could hold users' files to ransom.

"In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyber attacks by government organizations, sometimes referred to as nation-state actors or other copycat organizations," Adrienne Hall, General Manager of Microsoft's Cyber Defense Operations Center, wrote of the unusual update. "To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available to all customers, including those using older versions of Windows."

"Due to the elevated risk for destructive cyber attacks at this time," Hall continued, "we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt."

The hope is that by including the software in the regularly scheduled update, there'll be far greater uptake. However, Microsoft is clear that this shouldn't be seen as a sign that those with older versions of its software are safe to stick with the outdated code. "Our decision today to release these security updates for platforms not in extended support should not be viewed as a departure from our standard servicing policies," Eric Doerr, General Manager of the Microsoft Security Response Center, warned.
