Microsoft Releases Emergency Security Update for Wanacrypt Ransomware
Yesterday, computers around the world running earlier versions of Windows were targeted by a new ransomware attack called Wanacrypt. If you can’t upgrade to a modern OS, here’s a fix to protect your computer.
Yesterday, computers around the world running earlier versions of Windows such as Windows XP (from 2001…) and Windows Server 2003 were impacted by a malicious vulnerability called ‘Wanacrypt’. Experts have determined the malicious code takes control of the computer and encrypts all the data on the hard drive. It then requires payment using Bitcoin to get access back to the computer. It was originally developed by the NSA and used as a backdoor into systems.
Unfortunately, the code was leaked and ended up in the wrong hands, resulting in today’s situation. Critical emergency services such as hospitals and law enforcement in the UK have been broadly impacted by ‘Wanacrypt’. The end result being, if you don’t have a backup of your system with an App like Crashplan that keeps all versions of all your files, you’re out of luck. Unless that is you’re running a modern operating system like Windows 10.
Windows XP, Windows Server 2003 and Windows 8 Get Security Fix for ‘Wanacrypt’ Attack
The severity of Wanacrypt has been so devastating that Microsoft developed a fix for out of date versions of its Windows operating systems. Although the fix can’t reverse the effects of an infected system, it does prevent vulnerable versions of Windows from getting infected, at least from this specific malware.
The software firm detailed in a blog post measures customers can take to protect and remove the malicious software from their systems.
Today many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers. This blog spells out the steps every individual and business should take to stay protected. Additionally, we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today.
Details are below.
- In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.
- For customers using Windows Defender, we released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt. As an additional “defense-in-depth” measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider, that they are protected.
- This attack type may evolve over time, so any additional defense-in-depth strategies will provide additional protections. (For example, to further protect against SMBv1 attacks, customers should consider blocking legacy protocols on their networks).
There was no mention of Windows 7, Windows Server 2007 or Windows 10 being susceptible to the Wanacrypt ransomware. Obviously, this is yet just one more reason to keep your computer on the latest operating system. Yes I know, it’s not always to keep updating, however, in order to stay ahead of the bad guys, Microsoft spends billion. With this in mind, if you’re still running an older version of windows, please consider upgrading to Windows 10 today.
Users on older releases still supported by Microsoft can do their part to ensure attacks like these are minimal.
- Apply the patches for your systems when they become available. I hate to say it, but Microsoft did release a fix for this, most of whom got attacked, simply didn’t install the Microsoft Security Bulletin MS17-010 patch.
- Backup, we talk about it all the time at Groovypost, if you are not doing it, now is a good time to start.
- Be conscious of your email messages and where they come from. Wanacrypt was able to infiltrate systems through email attachments some users opened unsuspectingly.
Users can download patches for their respective versions of Windows at the following links: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64
This really can affect several IT organizations. It is important to be safe and secured from this.
Andre Da Costa
More systems are expected to be affected today.
Am I missing something, where’s the XP SP2 32-bit?
Thank you for your comment here.
I have not actually verified this, but I think I can answer your question. For all kinds of patches/updates which Microsoft produce for Windows operating systems, they (Microsoft) assume that people’s computers will be running the most recent available Service Pack for their version of Windows.
The most recent Service Pack for Windows XP 32-bit is Service Pack 3. (The most recent Service Pack for Windows XP 64-bit is Service Pack 2.) Therefore, Microsoft’s update to patch this vulnerability for Windows XP 32-bit computers is meant for computers running Windows XP SP3 32-bit only.
For anyone today who has a computer running Windows XP SP2 32-bit, their first step should be to install Service Pack 3 for Windows XP 32-bit. After doing that, they should be able to install this special security “patch” from Microsoft.
I hope this helps.
Andre Da Costa
See the following: Windows XP SP3 x86
How about Apple systems? Does this thing have any effect on those? Wow!! I’m sure glad I went to Win 10 on all five of my computers.
Andre Da Costa
Nope, alternative platforms such as macOS, iOS, Android and Linux are safe from this. Nothing is preventing the hackers from crafting a similar infection though. Every platform is fair game these days. So, the same precautions should be applied. Don’t open attachments from strangers, install all updates and backup.