13
May 17

Microsoft Issues WanaCrypt Patch for Windows 8, XP

Microsoft Corp. today took the unusual step of issuing security updates to address flaws in older, unsupported versions of Windows — including Windows XP and Windows 8. The move is a bid to slow the spread of the WanaCrypt ransomware strain that infected tens of thousands of Windows computers virtually overnight this week.

A map tracking the global spread of the Wana ransomware strain. Image: Malwaretech.com.

A map tracking the global spread of the Wana ransomware strain. Image: Malwaretech.com.

On Friday, May 12, countless organizations around the world began fending off attacks from a ransomware strain variously known as WannaCrypt, WanaDecrypt and Wanna.Cry. Ransomware encrypts a victim’s documents, images, music and other files unless the victim pays for a key to unlock them.

It quickly became apparent that Wanna was spreading with the help of a file-sharing vulnerability in Windows. Microsoft issued a patch to fix this flaw back in March 2017, but organizations running older, unsupported versions of Windows (such as Windows XP) were unable to apply the update because Microsoft no longer supplies security patches for those versions of Windows.

The software giant today made an exception to that policy after it became clear that many organizations hit hardest by Wanna were those still running older, unsupported versions of Windows.

“Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful,” wrote Phillip Misner, principal security group manager at the Microsoft Security Response Center. “Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers.”

The update to address the file-sharing bug that Wanna is using to spread is now available for Windows XP, Windows 8, and Windows Server 2003 via the links at the bottom of this advisory.

On Friday, at least 16 hospitals in the United Kingdom were forced to divert emergency patients after computer systems there were infected with Wanna. According to multiple stories in the British media, approximately 90 percent of care facilities in the U.K.’s National Health Service are still using Windows XP – a 16-year-old operating system.

According to a tweet from Jakub Kroustek, a malware researcher with security firm Avast, the company’s software has detected more than 100,000 instances of the Wana ransomware.

For advice on how to harden your systems against ransomware, please see the tips in this post.

Tags: , , , , ,

103 comments

  1. I have Windows XP SP3. I downloaded the new Microsoft security patch for Windows XP SP3, ran it, and got the error, “Failed. This computer has a different
    version of Windows”.

    • I have had the same problems. Microsoft doesn’t make it easy to find the right version of the right update either (or an all-or-nothing tool).

      Making it worse, the version of the update I need is no longer available due to the quantity of people trying to access them (network time out).

      I then read a blog that says disabling SMBv1 fixes the glitch. Google “Disable SMBv1”, and I was able to disable from windows control panel with out going to command line methods.

    • I had the same issue. Be sure to download the patches from here:
      http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598

      It seems that Microsoft mixed the patches in the Download Center (where I downloaded the patch initially)

    • Peter B in Florida

      There are two patches for XP – one is for the “embedded” version (XPe). Make sure you try to apply the right version of the patch – that could be why you’re getting that error message.

    • >2017
      >Running XP
      Seriously WTF

  2. Why is no one address the fact that the whole problem, to begin with, is due to poor coding by Microsoft. Buffer over run issues are as old as the original DOS. Careless coding, poor quality control, should have been a wakeup call for MS long time ago.

    • This is why MS is working on a new coding system to replace the DOS codes because it is so old and unwieldy.

  3. Why in the world isn’t Microsoft using Windows Update for this patch? I have tried every version of the Windows 7 patch, and it says all of them are the wrong version. Why am I having to figure out which version of this idiotic patch to install?

    • If you read the article this was addressed back in MARCH 2017. If you’ve been applying the monthly updates to your PC you are FINE. It’s those who don’t apply monthly patches or are using an old OS that have the issue.

      April and May updates have already been released, so you won’t be able to find the KB (KB4013389) installed on your system. (KB4013389) is actually an individual update, one of many rolled into the Security and Quality rolls ups Microsoft now pushes. https://technet.microsoft.com/library/security/MS17-010

      • Sam, that’s all well and good. However, when I look through my patches and updates, I have far more “update failed” then I do “update successful”.

        The better part of security is to try and brute force the update…if it already existed and was applied, fine, but if it’s one of the many unsuccessful, you’ll know whether or not it took.

        • Well then shouldn’t you resolve your Windows Update issue so that when important patches like this come out at least you have them.

          The normal admin would clean there machine and ensure that everything is up to date.

  4. service pack 3 has like 5000 patches.
    would you trust your doctor who keeps treating patient with that many patches?

    • And SP3 is the third service pack of the series, so there’s actually more than 5000 patches to the original Windows XP O/S. I run Linux Mint on my desktop PC and avoid Windows related issues by default, not that Linux hasn’t had a few issues of its own.

  5. I downloaded the Microsoft patch for Vista and it looked like it was hung up. I cancelled and re-downloaded. Got message can only download once. Is there a way to get the patch and be able to download it again on same computer?

    • Hello Angie,

      Are you still needing help with this?

      If I am understanding your posts correctly, you have now been able to download Microsoft’s patch, but when you attempt to install the patch, it does not install correctly. Is that correct? If you still need help with this, please ask here-I am confident that the readers here would try to assist you.

      I would add a further comment, in case you are not aware of this. Windows Vista is no longer supported by Microsoft (in a similar way to which Windows XP is not). All support for Windows Vista by Microsoft ended on 11th April, 2017.

      This means that, for anyone, continuing to use a computer with Windows Vista is not safe/secure against the threat of malware/hacking/etc. and doing so carries risks which cannot be avoided. The risk is inherent in the fact that Microsoft is no longer ongoingly researching and addressing security flaws in Windows Vista, via the release of security-related patches. You should bear in mind that this security patch which Microsoft has released for Windows Vista/XP/Server 2003/2008, is a one-off patch Microsoft produced in response to the sudden, drastic impact of the WanaCrypt/WanaCry ransomware for many people. Microsoft will NOT be releasing regular further patches for Windows Vista after this one!

      G-d bless,
      Peter Selig

      • Peter,
        While I agree with your assessment, it would be in Angie’s best interest to update the system as the support for Vista ended and like you said it is one off to fix the patch.
        This is where people get into trouble when they don’t update the system to plug the problem. MS have given people a year to update to 10 for free and most never took it like Angie did.

  6. I am so sick of these microsoft issues that crop up constantly due to microsoft’s obvious corporate agenda which seems to totally disregard their customers needs. So which patch works? Where do you find it (30 minutes looking so far)? Why put out a patch (or 500 in this case) and not give clear instructions on which version one should use. I guess your guess is as good as mine, eh? Enny Meany Mimey Moe. Why do we need to patch in the first place? If microsofts os code was good (how many years have they had to get it right?) we shouldn’t need to deal with all this bs in the first place!…If I was as incompetent as microsoft is with my customers I would be out of business! This is exactly why I am migrating to Mac.

  7. I work in the smart building industry and a lot of our customers refuse to upgrade their building automation systems from Windows 3.1 to a modern OS.

    They complain it is to expensive to keep the software up to date.

    I’m surprised we haven’t seen more building automation systems (which control HVAC, lighting, and access control) being hacked.

    I wrote an article to address this from a BAS point of view on my blog.

    http://buildingautomationmonthly.com/dont-patch-bas-youre-idiot/

  8. Never mind. Re-downloaded and just get line going back and forth.

  9. What about Windows 8 Embedded. The kb4012598 patch doesn’t seem to work…..

  10. I am running Windows 7 Home Premium. If this is affected, I am having trouble figuring out which patch to use. Any help would be appreciated.

    Thanks!

  11. Don’t know if good or bad… maybe this would be the last brick on the wall.

  12. Microsoft really messed up the links – on May 15 I was unable to download the right patch for non-english version of win xp sp3

    But now the https://www.microsoft.com/en-us/download/details.aspx?id=55245 link gives the working variant. Thank you for article and comments.

Leave a comment