On Tuesday, in addition to their usual Patch Tuesday updates, Microsoft released security updates for end-of-life (EoL) operating systems (OS) including Windows XP, Windows Vista, and Windows Server 2003, to address critical vulnerabilities. As explained in a blog post, Microsoft stated that the updates will protect against “potential nation-state activity” or copycat activity by patching vulnerabilities exploited in alleged NSA hacking tools, ESTEEMAUDIT, ENGLISHMANDENTIST, and EXPLODINGCAN. The decision was made to update older, unsupported products due to the elevated risk of disruptive or destructive attacks, similar toWannaCry. The NJCCIC recommends users and administrators review Microsoft’s blog post,the Microsoft Security Advisory and Guidance for Older Platforms, and update affected systems as soon as possible. The NJCCIC strongly urges organizations running EoL systems to update to a supported OS.