Home / Software & Service News / Microsoft patches Windows XP to fight ‘WannaCrypt’ attacks

Microsoft patches Windows XP to fight ‘WannaCrypt’ attacks

Microsoft officially ended its support for most Windows XP computers back in 2014, but today it’s delivering one more public patch for the 16-year-old OS. As described in a post on its Windows Security blog, it’s taking this “highly unusual” step after customers worldwide including England’s National Health Service suffered a hit from “WannaCrypt” ransomware. Microsoft patched all of its currently supported systems to fix the flaw back in March, but now there’s an update available for unsupported systems too, including Windows XP, Windows 8 and Windows Server 2003, which you can grab here (note: if that link isn’t working then there are direct download links available in the Security blog post).

Of course, for home users, if you’re still running one of those old operating systems then yes, you should patch immediately — and follow up with an upgrade to something current. If you’re running a vulnerable system and can’t install the patch for some reason, Microsoft has two pieces of advice:

An additional blog post explains Microsoft’s analysis of how the malware spreads. On newer versions like Windows Vista, 7, 8.1 and 10, the March update tagged MS17-010 addresses the vulnerability it’s exploiting (that was revealed earlier this year by “The Shadow Brokers” when they leaked a stolen cache of NSA tools). While it’s not confirmed how the initial infections occurred, it’s believed the trojan horse was spread by email phishing links that drop the “EternalBlue” exploit released by The Shadow Brokers, as well as the WannaCrypt malware variant. Interestingly, it doesn’t even try to attack Windows 10, focusing solely on Windows 7/8 and earlier operating systems that are still vulnerable to the attack.

WannaCrypt ransom note

Once it’s on a computer, it goes on locking up the user’s files and arranging the ransom message. The spread of the initial release has actually stopped (after infecting more than 123,000 computers) because security researchers registered a domain that the malware checks before the infection starts. As long as the software finds it, a sort of killswitch engages and no encryption occurs. However, as @MalwareTechBlog notes, anyone could modify the attack to remove the killswitch and begin attacking computers again.

That’s because even without phishing links, another part of the exploit the searches out a vulnerable server component (SMBv1) on unpatched Windows machines and can infect them remotely. This probably won’t work across the internet for PCs behind a firewall or router, but if a server is connected directly to the internet, or a PC is on the same network as an infected computer, it can spread quickly — which is exactly what happened yesterday.

Source: Microsoft Security Update for Windows XP, 8 and Server 2003, Windows Security Blog

Click Here For Original Source Of The Article

About Ms. A. C. Kennedy

Ms. A. C. Kennedy
My name is Ms A C Kennedy and I am a Health practitioner and Consultant by day and a serial blogger by night. I luv family, life and learning new things. I especially luv learning how to improve my business. I also luv helping and sharing my information with others. Don't forget to ask me anything!

Check Also

UK drone rules will require you to take safety tests

UK drone rules will require you to take safety tests

US officials might be easing up on drone regulations, but their UK counterparts are pushing forward. The British government has instituted rules that require you to not only register any robotic aircraft weighing over 250g (0.55lbs), but to take a "safety awareness" test to prove you understand the drone code. Regulators hope that this will lead to fewer drones flying over airports and otherwise causing havoc in British skies. Not that they're taking any chances -- the UK is also planning wider use of geofencing to prevent drones from flying into dangerous airspace.

The new rules come following a study highlighting the dangers of wayward drones. A smaller drone isn't necessarily safer than its larger alternatives, for example -- many of those more compact models have exposed rotors that can do a lot of damage. A drone weighing around 400 g (0.88lbs) can crack the windscreen of a helicopter, while all but the heaviest drones will have trouble cracking the windscreen of an airliner (and then only at speeds you'd expect beyond the airport). While you might not cause as much chaos as some have feared, you could still create a disaster using a compact drone.

It's nothing new to register drones, of course, and it doesn't appear to have dampened enthusiasm in the US. The test adds a wrinkle, though: how willing are you to buy a drone if you know you'll have to take a quiz? The test likely won't slow sales too much, if at all, but it could give people one more reason to pause before buying a drone on impulse. Manufacturers appear to be in favor of the new rulebook, at any rate -- DJI tells the BBC that the UK is striving for a "reasonable" solution that balances safety with a recognition of the advantages that drones can bring to public life.

Source: Gov.uk (1), (2)

css.php