Microsoft’s patching Windows XP, an anonymous tech company fought back against PRISM, and more of the week’s most important security news.
In May, Microsoft released Windows XP patches against the virulent WannaCry ransomware, even though that operating system is no longer officially supported. This week, the company followed up with a dozen additional patches that cover no-longer-supported versions including Windows XP, Windows Vista, Windows 8, Windows Server 2003, and Windows Server 2003 R2. Microsoft said that though it is not reinstating support for these aging OSes, it does want to take “action to provide additional critical security updates to address vulnerabilities that are at heightened risk of exploitation due to past nation-state activity and disclosures.” While working to anticipate and preempt the next WannaCry-type incident is important, some experts worry that making too much of a habit of patching old systems will give stragglers an excuse to hold out on these dangerously insecure platforms even longer instead of being forced to upgrade. On the other hand, security pressure hasn’t really created that urgency so far.
A US tech company attempted to refuse participation in National Security Agency bulk surveillance, according to a declassified, extensively redacted Foreign Intelligence Surveillance Court ruling document. The unnamed company tried to avoid contributing data to the PRISM aggregation program, which the NSA operates under Section 702 of the FISA Amendments Act. The company basically demanded that the NSA obtain a warrant, citing Fourth Amendment concerns that in the process of surveilling foreigners, the NSA would end up collecting the data of US citizens as well. But Judge Rosemary Collyer wrote in her decision, “The mere fact that there is some potential for error is not a sufficient reason to invalidate the surveillance.” Nice hustle, though.