Microsoft Corp. today took the unusual step of issuing security updates to address flaws in older, unsupported versions of Windows — including Windows XP and Windows 8. The move is a bid to slow the spread of the WanaCrypt ransomware strain that infected tens of thousands of Windows computers virtually overnight this week.
On Friday, May 12, countless organizations around the world began fending off attacks from a ransomware strain variously known as WannaCrypt, WanaDecrypt and Wanna.Cry. Ransomware encrypts a victim’s documents, images, music and other files unless the victim pays for a key to unlock them.
It quickly became apparent that Wanna was spreading with the help of a file-sharing vulnerability in Windows. Microsoft issued a patch to fix this flaw back in March 2017, but organizations running older, unsupported versions of Windows (such as Windows XP) were unable to apply the update because Microsoft no longer supplies security patches for those versions of Windows.
The software giant today made an exception to that policy after it became clear that many organizations hit hardest by Wanna were those still running older, unsupported versions of Windows.
“Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful,” wrote Phillip Misner, principal security group manager at the Microsoft Security Response Center. “Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers.”
The update to address the file-sharing bug that Wanna is using to spread is now available for Windows XP, Windows 8, and Windows Server 2003 via the links at the bottom of this advisory.
On Friday, at least 16 hospitals in the United Kingdom were forced to divert emergency patients after computer systems there were infected with Wanna. According to multiple stories in the British media, approximately 90 percent of care facilities in the U.K.’s National Health Service are still using Windows XP – a 16-year-old operating system.
According to a tweet from Jakub Kroustek, a malware researcher with security firm Avast, the company’s software has detected more than 100,000 instances of the Wana ransomware.
For advice on how to harden your systems against ransomware, please see the tips in this post.