Following the massive Wana Decrypt0r ransomware outbreak from yesterday afternoon, Microsoft has released an out-of-bound patch for older operating systems to protect them against Wana Decrypt0r's self-spreading mechanism.
Microsoft windows microsoft windows xp security patch free download - Windows 10, Microsoft Security Essentials, Windows XP RPC Interface Buffer Overrun Security Vulnerability Patch, and many more. I received 4 security updates for Windows XP. They are KB2742595 KB2736428 KB2656351 KB2487367. EAch time I try to install they fail, even after I ran your fixit program. Appreciated your assistance in finding the problem and correcting. 'Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003. Microsoft issues ‘highly unusual’ Windows XP patch to prevent massive ransomware attack. New, 80 comments. A security group manager at Microsoft. “Given the potential impact to customers.
The operating systems are Windows XP, Windows 8, and Windows Server 2003. These are old operating systems that Microsoft stopped supporting years before and did not receive a fix for the SMBv1 exploit that the Wana Decrypt0r ransomware used yesterday as a self-spreading mechanism.
That mechanism is a modified version of the ETERNALBLUE exploit, an alleged NSA hacking tool leaked last month by a group known as The Shadow Brokers.
Original MS17-010 patch didn't include XP/Win8 fixes
Microsoft had released a fix for that exploit a month before, in March, in security bulletin MS17-010. That security bulletin only included fixes for Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016.
As the SMBv1 is a protocol that comes built-in with all Windows versions, the computers which did not receive MS17-010 remained vulnerable to exploitation via Wana Decrypt0r's self-spreading package.
'Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download,' Microsoft said in a statement. 'This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind.'
Researchers believe that Wana Decrypt0r — also referenced online as WCry, WannaCry, WannaCrypt, and WanaCrypt0r — infected over 141,000 computers.
While unconfirmed, many believe older Windows XP and Windows Server versions were the bulk of the infections pool, as they had no way to protect themselves.
Patch systems and disable SMBv1 where possible
Besides installing these out-of-band updates — available for download from here — Microsoft also advises companies and users to disable the SMBv1 protocol, as it's an old and outdated protocol, already superseded by newer versions, such as SMBv2 and SMBv3.
The current Wana Decrypt0r outbreak has been stopped last night after a security researcher found a kill switch. This is only temporary, as the attackers could release a new version of this threat. This is why patching the SMBv1 exploit is a better solution.
For those affected, you can discuss this ransomware and receive support in the dedicated WanaCrypt0r & Wana Decrypt0r Help & Support Topic. Bleeping Computer also published a technical analysis of the Wana Decrypt0r ransomware.
Related Articles:
Last week, an unprecedented ransomware attack began locking up thousands of computers in more than 150 countries. The so-called WannaCrypt malware leverages a Windows vulnerability known as EternalBlue that leaked last month when a group known as Shadow Brokers posted a bunch of hacking tools that allegedly belonged to the NSA. Microsoft issued a patch for the flaw in March, but many organizations failed to keep up or are running older versions of Windows for which Microsoft no longer issues patches.
But with some security experts estimating the number of infected systems at 200,000, Microsoft is taking the “highly unusual” step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003.
Windows XP’s continued popularity and the fact that Microsoft hasn’t officially supported the operating system since 2014 makes it an obvious target for hackers. According to data analytics companies StatCounter and Net Applications, somewhere between 5% to 7% of Windows PCs still run XP.
As Ars Technica notes, this is possibly the first time ever that Microsoft has issued a patch for a product decommissioned so long ago. The last time that happened it was an emergency patch for Windows XP but merely a week after official support for the operating system ended in 2014.
Windows Update Security Patch
Microsoft says they are working with customers to provide additional assistance as this situation evolves, and that they’ve made this decision to patch unsupported version based on an assessment of the situation, with the principle of protecting their customer ecosystem overall.
You can download Microsoft’s WannaCrypt Hotfix for Windows XP, 8 and Windows Server 2003 here.