May 13, 2017

Microsoft Corp. today took the unusual step of issuing security updates to address flaws in older, unsupported versions of Windows — including Windows XP and Windows 8. The move is a bid to slow the spread of the WanaCrypt ransomware strain that infected tens of thousands of Windows computers virtually overnight this week.

A map tracking the global spread of the Wana ransomware strain. Image: Malwaretech.com.

On Friday, May 12, countless organizations around the world began fending off attacks from a ransomware strain variously known as WannaCrypt, WanaDecrypt and Wanna.Cry. Ransomware encrypts a victim’s documents, images, music and other files unless the victim pays for a key to unlock them.

It quickly became apparent that Wanna was spreading with the help of a file-sharing vulnerability in Windows. Microsoft issued a patch to fix this flaw back in March 2017, but organizations running older, unsupported versions of Windows (such as Windows XP) were unable to apply the update because Microsoft no longer supplies security patches for those versions of Windows.

The software giant today made an exception to that policy after it became clear that many organizations hit hardest by Wanna were those still running older, unsupported versions of Windows.

“Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful,” wrote Phillip Misner, principal security group manager at the Microsoft Security Response Center. “Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers.”

The update to address the file-sharing bug that Wanna is using to spread is now available for Windows XP, Windows 8, and Windows Server 2003 via the links at the bottom of this advisory.

On Friday, at least 16 hospitals in the United Kingdom were forced to divert emergency patients after computer systems there were infected with Wanna. According to multiple stories in the British media, approximately 90 percent of care facilities in the U.K.’s National Health Service are still using Windows XP – a 16-year-old operating system.

According to a tweet from Jakub Kroustek, a malware researcher with security firm Avast, the company’s software has detected more than 100,000 instances of the Wana ransomware.

For advice on how to harden your systems against ransomware, please see the tips in this post.


110 thoughts on “Microsoft Issues WanaCrypt Patch for Windows 8, XP”

  1. Honest Abe

    I have Windows XP SP3. I downloaded the new Microsoft security patch for Windows XP SP3, ran it, and got the error, “Failed. This computer has a different version of Windows”.

    1. nicole price

      I have had the same problems. Microsoft doesn’t make it easy to find the right version of the right update either (or an all-or-nothing tool).

      Making it worse, the version of the update I need is no longer available due to the quantity of people trying to access them (network time out).

      I then read a blog that says disabling SMBv1 fixes the glitch. Google “Disable SMBv1”, and I was able to disable it from the Windows control panel without going to command line methods.

      1. Peter Selig

        Hello Eric,

        Thank you for your comment here.

        I think the method you have suggested here is an excellent way for people to obtain this patch directly, with the least possible complications. Thank you for that helpful method!

        G-d bless,
        Peter Selig

    2. Peter B in Florida

      There are two patches for XP – one is for the “embedded” version (XPe). Make sure you try to apply the right version of the patch – that could be why you’re getting that error message.

  2. WBain

    Why is no one addressing the fact that the whole problem, to begin with, is due to poor coding by Microsoft? Buffer overrun issues are as old as the original DOS. Careless coding, poor quality control, should have been a wakeup call for MS a long time ago.

    1. Beeker

      This is why MS is working on a new coding system to replace the DOS codes because it is so old and unwieldy.

  3. Eric M

    Why in the world isn’t Microsoft using Windows Update for this patch? I have tried every version of the Windows 7 patch, and it says all of them are the wrong version. Why am I having to figure out which version of this idiotic patch to install?

    1. Sam

      If you read the article this was addressed back in MARCH 2017. If you’ve been applying the monthly updates to your PC you are FINE. It’s those who don’t apply monthly patches or are using an old OS that have the issue.

      April and May updates have already been released, so you won’t be able to find the KB (KB4013389) installed on your system. (KB4013389) is actually an individual update, one of many rolled into the Security and Quality roll-ups Microsoft now pushes. https://technet.microsoft.com/library/security/MS17-010

      1. nicole price

        Sam, that’s all well and good. However, when I look through my patches and updates, I have far more “update failed” than I do “update successful”.

        The better part of security is to try and brute force the update…if it already existed and was applied, fine, but if it’s one of the many unsuccessful, you’ll know whether or not it took.

        1. Samuel Rose

          Well then shouldn’t you resolve your Windows Update issue so that when important patches like this come out at least you have them?

          The normal admin would clean their machine and ensure that everything is up to date.

  4. bankster

    service pack 3 has like 5000 patches.
    would you trust your doctor who keeps treating patient with that many patches?

    1. edinathens

      And SP3 is the third service pack of the series, so there’s actually more than 5000 patches to the original Windows XP O/S. I run Linux Mint on my desktop PC and avoid Windows related issues by default, not that Linux hasn’t had a few issues of its own.

  5. Angie

    I downloaded the Microsoft patch for Vista and it looked like it was hung up. I cancelled and re-downloaded. Got message can only download once. Is there a way to get the patch and be able to download it again on same computer?

    1. Peter Selig

      Hello Angie,

      Are you still needing help with this?

      If I am understanding your posts correctly, you have now been able to download Microsoft’s patch, but when you attempt to install the patch, it does not install correctly. Is that correct? If you still need help with this, please ask here. I am confident that the readers here would try to assist you.

      I would add a further comment, in case you are not aware of this. Windows Vista is no longer supported by Microsoft (in a similar way to which Windows XP is not). All support for Windows Vista by Microsoft ended on 11th April, 2017.

      This means that, for anyone, continuing to use a computer with Windows Vista is not safe/secure against the threat of malware/hacking/etc. and doing so carries risks which cannot be avoided. The risk is inherent in the fact that Microsoft is no longer ongoingly researching and addressing security flaws in Windows Vista, via the release of security-related patches. You should bear in mind that this security patch which Microsoft has released for Windows Vista/XP/Server 2003/2008, is a one-off patch Microsoft produced in response to the sudden, drastic impact of the WanaCrypt/WanaCry ransomware for many people. Microsoft will NOT be releasing regular further patches for Windows Vista after this one!

      G-d bless,
      Peter Selig

      1. Beeker

        Peter,
        While I agree with your assessment, it would be in Angie’s best interest to update the system as the support for Vista ended and like you said it is one off to fix the patch.
        This is where people get into trouble when they don’t update the system to plug the problem. MS have given people a year to update to 10 for free and most never took it like Angie did.

  6. bob

    I am so sick of these Microsoft issues that crop up constantly due to Microsoft’s obvious corporate agenda which seems to totally disregard their customers’ needs. So which patch works? Where do you find it (30 minutes looking so far)? Why put out a patch (or 500 in this case) and not give clear instructions on which version one should use? I guess your guess is as good as mine, eh? Eeny Meeny Miny Moe. Why do we need to patch in the first place? If Microsoft’s OS code was good (how many years have they had to get it right?) we shouldn’t need to deal with all this bs in the first place!…If I was as incompetent as Microsoft is with my customers I would be out of business! This is exactly why I am migrating to Mac.

  7. Phil Zito

    I work in the smart building industry and a lot of our customers refuse to upgrade their building automation systems from Windows 3.1 to a modern OS.

    They complain it is too expensive to keep the software up to date.

    I’m surprised we haven’t seen more building automation systems (which control HVAC, lighting, and access control) being hacked.

    I wrote an article to address this from a BAS point of view on my blog.

    http://buildingautomationmonthly.com/dont-patch-bas-youre-idiot/

  8. Angie

    Never mind. Re-downloaded and just get line going back and forth.

  9. Michael

    What about Windows 8 Embedded? The kb4012598 patch doesn’t seem to work…..

  10. Kat

    I am running Windows 7 Home Premium. If this is affected, I am having trouble figuring out which patch to use. Any help would be appreciated.

    Thanks!

  11. SBartsch

    Don’t know if good or bad… maybe this would be the last brick on the wall.

  12. Chris Pugson

    Users of Windows XP would probably wish to use Internet Explorer 8 to obtain the updates in question here. Alas, Internet Explorer 8 is no longer able to access the relevant parts of Microsoft’s website to access updates, presumably because of a Microsoft edict. I guess that many Windows XP users will find that the automatic update system is also broken.

    It does not inspire much confidence in Microsoft that its commodification of its operating systems is potentially harming those who are receiving medical treatment. I mean that Windows XP is home to many applications which will not run on later versions of Windows. These applications are often vital medical treatment systems but this is obviously of little consequence to Microsoft. Trying to force users of Windows XP to upgrade to later Windows versions for commercial reasons ignores the point of Windows which is to facilitate the use of computers for the benefit of people. Microsoft could have recognised this importance of Windows XP, especially in the medical environment. It has chosen not to. The problem will reoccur after 2020 when Windows 7 goes the same way as XP.

    Microsoft must be aware of the consequences to users of its planned obsolescence of Windows versions for its own commercial purposes. Users should look to migrate away from the mess that Microsoft Windows is becoming for the sake of long term continuity.

  13. Anon

    Mother in law running a cheap laptop with Windows 7, May 22 update crashed Windows. So nice.

  14. Angela

    I have tried on numerous occasions to install the security patch update for Windows Vista (I know that this is no longer supported by Microsoft…) but it just keeps trying to find the update.

    Beeker: You say that people had a year to upgrade to Windows 10 for free, but that was only for those already using Windows 7.

    Anyone any other ideas of how to get the patch to work?

Comments are closed.