Microsoft Corp. today took the unusual step of issuing security updates to address flaws in older, unsupported versions of Windows — including Windows XP and Windows 8. The move is a bid to slow the spread of the WanaCrypt ransomware strain that infected tens of thousands of Windows computers virtually overnight this week.
On Friday, May 12, countless organizations around the world began fending off attacks from a ransomware strain variously known as WannaCrypt, WanaDecrypt and Wanna.Cry. Ransomware encrypts a victim’s documents, images, music and other files unless the victim pays for a key to unlock them.
It quickly became apparent that Wanna was spreading with the help of a file-sharing vulnerability in Windows. Microsoft issued a patch to fix this flaw back in March 2017, but organizations running older, unsupported versions of Windows (such as Windows XP) were unable to apply the update because Microsoft no longer supplies security patches for those versions of Windows.
The software giant today made an exception to that policy after it became clear that many organizations hit hardest by Wanna were those still running older, unsupported versions of Windows.
“Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful,” wrote Phillip Misner, principal security group manager at the Microsoft Security Response Center. “Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers.”
The update to address the file-sharing bug that Wanna is using to spread is now available for Windows XP, Windows 8, and Windows Server 2003 via the links at the bottom of this advisory.
On Friday, at least 16 hospitals in the United Kingdom were forced to divert emergency patients after computer systems there were infected with Wanna. According to multiple stories in the British media, approximately 90 percent of care facilities in the U.K.’s National Health Service are still using Windows XP – a 16-year-old operating system.
According to a tweet from Jakub Kroustek, a malware researcher with security firm Avast, the company’s software has detected more than 100,000 instances of the Wana ransomware.
For advice on how to harden your systems against ransomware, please see the tips in this post.
The links from the Microsoft advisory, you mentioned above in, “… and Windows Server 2003 via the links at the bottom of .”, do not all work. Specifically on Microsoft’s site I wrote, (in a comment that needs to be moderated yet):
The link does NOT WORK for: “SMBv1 attacks”, from the line, “… to further protect against , customers should consider blocking legacy protocols on their networks”.
The reference link given here to: “https://aka.ms/disablesmb1” will not work in some browsers, even with javascript enabled.
INSTEAD, please correct the article to:
— Also include the plain text reference link ” https://aka.ms/disablesmb1 ” and tell users to copy and paste this into another browser like IE or Edge.
— Also include the real link to “How to enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server”, using the real article’s URL : https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
Note that you cannot disable SMB1 in Server 2003 as that’s the only version of SMB that that system supports.
https://blogs.technet.microsoft.com/josebda/2015/04/21/the-deprecation-of-smb1-you-should-be-planning-to-get-rid-of-this-old-smb-dialect/
Props to MS for doing the right thing. Windows 10 user.
Why does Microsoft continue to get away making this CRAP?
Kevin Beaumont said that WannaCrypt variant he analyzed didn’t work under Windows XP:
https://twitter.com/GossiTheDog/status/863339558364229634
https://twitter.com/GossiTheDog/status/863100619242053632
Interesting. So why does MS issue a patch for Win XP? I smell a rat. Most probably, after having installed that “patch” XP is not going to work at all. Convenient way for MS to force XP user to upgrade. I am not going to install that “patch”.
There are customers paying lots of $$$ for security updates to XP and Server03, but those updates are private and not available for public download. They decided to make this one public due to the seriousness of the situation.
Good faith measures from M$!?!?
… First Linux available thru their store this week.
… … Now patches for nearly 20 year old defunct software.
The suits must be listening.
Why were such critical computers still on XP in the first place?
You must not be familiar with “inertia.”
It depends on the software that is used. Some legacy apps won’t run well on a newer system. And yeah those should be fixed/updated, etc, but in some cases that isn’t possible as the original vendor is no longer around.
We have a couple of Server03 boxes lying around that we still use – mainly as file servers. Upgrading requires an OS reinstall since they are currently on a 32-bit version of server 03, and there is no upgrade path beyond the Vista version of Server. So each one needs to be carefully analyzed to see what it does that is still needed, and then a migration plan needs to be developed. If you aren’t using them as file servers, I guess you could just disable SMB.
I’m currently working on upgrading client Dell 2900 servers from Windows Server 2003 to 2012. The hardware part is simple. The firmware, software, and application migration is quite the headache, precisely for the reasons you mention. Something as simple as an updated print driver installation, or lack thereof, can cause hours of troubleshooting. Hence clients keep what they have…
Because many of those hospital systems are interconnected to systems that have not been updated in years that they are dependent on. Those old secondary systems are not certified to work with Windows 10. I have a coworker that must continue to use Windows XP because of a massive Access database that she must use with patient information. Lots of regulations required when handling patient info.
A lot of government systems are outdated. In their attempt to support other legacy apps often times they require IE6, WinXP ancient Java. Back in 2009/2010 the UK said it was too expensive to upgrade to IE8 despite zero days.
It is hard enough in a large company to get all of your systems running current OS due to legacy support issues and shadow IT. That being said, if I had a segment of Windows XP machines that absolutely could not be updated, I would definitely have them on a wired network with very strict segmentation enforced by NAC with no internet access.
Would be nice to know root cause on how the malware got into the NHS systems. Most likely “business/bureaucrats” demanding nonsensical features from some understaffed / underfunded security group who is now not allowed to say I told you so.
In the case of the British NIH, the UK coalition government paid for an extra year of XP support in 2014. Following the 2015 election, which yielded a conservative government, cutting public spending and reducing taxes became the way. Funding for the NIH failed to keep pace with growing costs of an aging population (some would say it was excessive immigration) and XP replacement slowed or stopped. Some estimates say XP is still 90% of the client base. Luckily at least some NIH Trusts are using MIS software that stores all patient data on non-Windows servers, so reimaging the XP clients should restore basic functionality for them. All the locally stored cheat sheets, phone number lists, reminders, etc. are gone of course.
unfortunately they weren’t still using XP, or they might have avoided this altogether;
https://twitter.com/GossiTheDog/status/863339558364229634
Security through obsolescence perhaps. Three years on from cessation of XP support, I am yet to experience a single security incident in those thousand plus days. Not a hint of any attempt at intrusion is betrayed by my defences. XP has been exposed to the hazards of the Internet for probably a couple of thousand hours since April 9 2014 and all is still quiet on the Western Front.
Hurray for Agnitum Outpost Firewall Pro 9.3, Panda Free Antivirus and Malwarebytes Anti-Exploit plus a myriad tweaks and restrictions I have discovered or contrived since 2001.
I hasten to add that I most definitely do NOT use XP for sensitive or critical purposes where privacy and security needs are paramount and Internet Explorer is completely retired.
Outpost Firewall Pro was a software-based personal firewall package developed by Agnitum (founded in 1999 in St. Petersburg, Russia). This product is no longer available. Both the freeware and paid versions were terminated December 2015. Agnitum was acquired by Yandex for the exclusive use as an internal part of Yandex Browser. Updates and support have been terminated effective December 2016. Outpost Security Suite was also terminated at the same time. A visit to the Agnitum website or the Outpost Community Support website unofficial Outpost users forum states “Agnitum terminates direct and partner sales of the Outpost product line”.
~ https://en.wikipedia.org/wiki/Outpost_Firewall_Pro
Too bad…
From Talos intelligence blog
Ensure all Windows-based systems are fully patched. At a very minimum, ensure Microsoft bulletin MS17-010 has been applied.
In accordance with known best practices, any organization who has SMB publicly accessible via the internet (ports 139, 445) should immediately block inbound traffic.
I have a hard time imagining anyone intentionally exposing SMB to the regular internet. I suppose it could happen somewhere or another, but still….
I have seen it done usually on accident. Another vector though appears to be laptops getting infected on public WiFi or at home then bringing it into the office and contaminating the local network over 139/445. If you think of the unmanaged BYOD world interfacing with what should be a completely segmented/locked down network that is vulnerable, frightening.
If you run an SMB or location with open wireless and have an extra workstation around, check out Security Onion by Doug Burks. Free network security monitor on an Ubuntu distro, well put together and DEEP visibility into what is on your network. Get a cheap network tap and run it for a few days to see the junk that permeates on BYOD or low security networks.
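The two conditions raised in the comments above, SMB reachable from the Internet and an infected machine contacting many peers on ports 139/445, can both be checked from ordinary connection logs. The following is an added example, not part of the original article or its comments; the log format (`timestamp src dst dport`), the internal network range, the 60-second window and the threshold of 5 peers are assumptions, and the sample records are constructed.

```python
"""Flag worm-like SMB fan-out and Internet-sourced SMB in connection logs."""
import ipaddress
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

SMB_PORTS = {139, 445}  # the ports named in the Talos advice quoted above


@dataclass(frozen=True)
class Conn:
    ts: datetime
    src: str
    dst: str
    dport: int


def parse_line(line):
    """Parse 'ISO-timestamp src dst dport' (assumed format); None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        ipaddress.ip_address(parts[1])
        ipaddress.ip_address(parts[2])
        dport = int(parts[3])
    except ValueError:
        return None
    return Conn(ts, parts[1], parts[2], dport)


def load(text):
    """Parse a whole log, silently skipping lines that do not parse."""
    return [c for c in map(parse_line, text.splitlines()) if c]


def smb_fanout(conns, window=timedelta(seconds=60), threshold=5):
    """Return {src: peak count of distinct SMB peers inside any window}
    for every source whose peak reaches the threshold."""
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still inside the window
    peak = defaultdict(int)
    for c in sorted(conns, key=lambda c: c.ts):
        if c.dport not in SMB_PORTS:
            continue
        q = recent[c.src]
        q.append((c.ts, c.dst))
        while c.ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        peak[c.src] = max(peak[c.src], len({dst for _, dst in q}))
    return {src: n for src, n in peak.items() if n >= threshold}


def inbound_smb_from_outside(conns, internal_net="10.0.0.0/8"):
    """SMB connections whose source is outside the internal range.
    Any hit means ports 139/445 are not blocked at the perimeter."""
    net = ipaddress.ip_network(internal_net)
    return [c for c in conns
            if c.dport in SMB_PORTS and ipaddress.ip_address(c.src) not in net]


# Constructed sample: a workstation using one file server (normal), one
# Internet host reaching that server on 445, one unparsable line, and a
# laptop touching eight peers on 445 within eight seconds.
SAMPLE_LOG = "\n".join(
    [
        "2017-05-12T09:00:00 10.0.5.40 10.0.1.10 445",
        "2017-05-12T09:00:30 10.0.5.40 10.0.1.10 445",
        "2017-05-12T09:01:00 203.0.113.7 10.0.1.10 445",
        "2017-05-12T09:01:10 10.0.5.40 198.51.100.9 443",
        "truncated line",
    ]
    + [f"2017-05-12T09:02:{i:02d} 10.0.5.23 10.0.5.{i} 445" for i in range(1, 9)]
    + ["2017-05-12T09:10:00 10.0.5.23 10.0.5.1 139"]
)

if __name__ == "__main__":
    conns = load(SAMPLE_LOG)
    for src, n in smb_fanout(conns).items():
        print(f"fan-out: {src} reached {n} distinct hosts on SMB within 60s")
    for c in inbound_smb_from_outside(conns):
        print(f"exposed: {c.src} -> {c.dst}:{c.dport} at {c.ts.isoformat()}")
```

A client that talks repeatedly to one file server never reaches the threshold; only the count of distinct peers inside the window matters.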
The only protection from this was to have
1) no external access and no rogue devices,
2) be fully patched, or
3) have the right AV/EDR to block the attack at the client or the right web filter to block call back to c2 for encryption keys.
Otherwise hope you have good backups.
Keeping everyone safe:
Every PC is networked, so unless most everyone keeps their systems safe, we are all at risk for some types of malware. This includes those that don’t patch and those like XP that seldom have patches available.
Even if available however, it is almost impossible to get most everyone to patch critical exploits, or teach enough users how to be safe. Without automated systems to keep everyone safe, we are more vulnerable. A universal patching system is required that works both automatically, and on all systems.
Measles was eliminated from the US by vaccinating enough healthy people to make it nearly impossible to spread. That tipping point according to a Nova broadcast was about 97-98%. In France however, when over 3% were not vaccinated, it started to spread again.
Statistically, the Measles example has some parallels to spreading malware. As part of an overall strategy, by keeping the number of vulnerable PCs below some number confers some protection for us all, and complete protection for those PCs, from that strain of malware.
I’ve worked on PCs that weren’t networked. For instance, dedicated PCs in a lab running old software to interface with machines. Some have no need to be networked and aren’t.
I don’t know if it was purely circumstance or associated with this wave of malware infestations, but in the past two days I’ve received about 10 different spam messages pushing or touting a weight-loss program whose full header information and non-ASCII message body (no attachment) seemed to rely upon AppleMail or InfrawareMail for their preparation which all originated from servers in South, East and Central Asian countries. As usual, I forwarded the details from each to US-Cert and APWG, and hope someone gets a handle on the outbreak. I’m a bit cheered by this morning’s news that someone temporarily shut it down by registering the fake domain used by the malware which triggered its kill switch.
https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack
Why is there an MS Office issue when it comes to Windows XP? Why can’t developers fix it? When will it be solved?
I was curious how Windows 8 could already have reached the end of its support lifecycle.
In general, MS doesn’t support a product for more than 2 years past its service pack release [1]:
> When a new service pack is released, Microsoft provides either 12 or 24 months of support for the previous service pack, varying according to the product family (for example, Windows, Office, Servers, or Developer tools).
In short, Windows 8 users were expected to update to Windows 8.1, which does have another year or so [2] of support.
You can read about it in pretty much any article [3] from Jan 2016 when this happened:
> “With the General Availability of Windows 8.1, customers on Windows 8 have 2 years, until January 12, 2016, to move to Windows 8.1 in order to remain supported,” the FAQ states.
[1] https://support.microsoft.com/en-us/help/17138/service-pack-lifecycle-policy
[2] https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet
[3] https://redmondmag.com/articles/2016/01/13/windows-8-loss-of-support.aspx
I’m sure glad that *somebody* explained what you just explained, because I was just about to ridicule Brian for this statement:
“Microsoft Corp. today took the unusual step of issuing security updates to address flaws in older, unsupported versions of Windows — including Windows XP and Windows 8. ”
I was gonna say “Gee! Well, it’s a damn good thing that I’m running Windows 7, I guess! No need for special out-of-band patches here! :-)”
But I guess that the joke is on me for not knowing, till now, that Windows 8.0 has been taken off life-support.
It sure do seem bizarre… to me at least… that Windows 7 is still “supported” but Windows 8 ain’t, apparently.
Ron,
Windows 7 with no service packs applied is NOT supported. Windows 7 with the latest service pack, whatever that is, 3?, is supported for a few more years.
Hello Bob,
Thanks for your comment here.
For anyone who is not sure about this, the latest (and only) Service Pack for Windows 7 is Service Pack 1. I believe Microsoft announced, some years ago, that they would not issue any further Service Packs for Windows 7.
Regards,
Peter Selig
Chromebooks forever baby!
MalwareTech is a smart guy. Props to him.
His blog post in this issue is funny. He activated a nonexistent domain that was a hidden kill switch in the Malware. Then was concerned it might trigger the ransomware to release its payload. Then jumped for joy when he realized it killed the active malware. Talk about an empty roller coaster!
Empty=emotional.
A grateful public will now shower him with Bitcoins. 🙂
(I can’t help but like the guy. Unlike our new Dear Leader, DJT, he actually displays signs of that long-forgotten virtue called “appropriate modesty”. He humorously tweeted that he can now add to his resume “accidentally stopped a massive cyberattack”.)
Thanks Brian -great information as always. This was a significant event of ransomware…glad it was stopped. The information is out (thank you NSA) so it may only be a matter of time before more ransomware attacks are launched……hopefully not in the US.
Scott Schober
Author of Hacked Again
Pres/CEO of BVS
http://www.HackedAgain.com
Sorry, but I don’t think malware respects borders…
Another great article. Microsoft saw the light a little later than I would like for Windows XP and other older versions, but they did act.
There are commercial online backups that keep multiple versions in a way that should mean a nonencrypted version is kept. I use one. These folks should advertise on your site. It is a good service.
I also backup to a server and copy these backed up files to other older (and very cheap) computers that are not turned on much, but I can get by with them if my main computer were compromised.
Hopefully most readers will not be victimized, but the best cure is a reasonable attempt at preserving a copy of the files before hand, and following safe computing practices.
Thank you again for keeping your readers informed.
Regarding keeping a backup on a separate, external drive, which is connected to my computer, do you know whether an infection could spread to that separate drive? Thanks.
Any external backup device that is kept connected to your computer could have its files encrypted if your computer is infected. In a network environment, any backups kept online could potentially be affected as well.
Could you give me more details as to what kind of backup software I should install. I know that it is too late to recover any of my files. I also read that installing anti-malware software could prevent the ransomware from infecting my computer. The first google result that came up was this one. https://howtoremove.guide/wanna-decryptor-virus-ransomware-remove/ . Could you please let me know what your thoughts are.
Most Windows operating systems since Vista have their own built in backup programs. As far as anti-malware “preventing” these attacks – it is always a crap shoot whether they can actually prevent the latest versions. Going to web sites like ‘How to Geek’, and ‘mybleepingcomputer’ can educate you further on the best path forward for both your questions.
Multiple copies is good. But I’m waiting for malware that identifies online backup systems and cancels or otherwise muddles with their accounts (e.g. changing the email address+password).
“Microsoft saw the light a little later than I would like for Windows XP and other older versions, but they did act.”
Right, and now they are REALLY in a pickle! Now they are committed, FOREVER, based on precedent.
SCENE: The year, 2177, planetary outpost Tarus Ceti’ 4. First Officer Klabblatt briefs Captain Ubermann…
“Whew! We’re going to be alright after all! Microsoft just relented and issued another security patch for XP. Thank god! Now if we can just get these damn tribbles out of the air ducts…”
Talk about closing the barn door after the horse has escaped out also that Microsoft was able to generate a patch within a day. Obviously, it could easily have been putting the patches out all along, but instead he wants to drive people forward to new versions of the software that add features that many people do not want or need. It is well past time to completely re-think the shrinkwrap agreements, and freedom from liability. Millions of lives are being screwed up because behemoth software companies are too lazy/cheap to fix the security holes they created in their rush to sell bugware. That practice needs to end, yesterday.
XP has been around for a VERY long time. Microsoft gave fair warning and even backed off its retirement dates. Unfortunately large business and governments often times get painted into a corner on maintaining legacy systems due to difficulty in migrations or dependencies. Is there an expectation that MS retain a team of developers for MS-DOS 2.11? Kudos to MS for releasing the patch at all.
Linux and Ubuntu also have software lifecycles after which they stop supporting their OS, for example Ubuntu LTS are 5 years.
What you seem to be proposing is that Ford should keep the Model-T updated and street legal from production date forward, with no end date?
Individuals, companies and governments need to be responsible enough for their IT infrastructure to keep it on a currently supported OS platform. In the case that they cannot, then they need to take the appropriate steps to secure that environment. Specifically – segment and lock down the network so nothing like this gets introduced. Run a virtualized instance that if it gets owned, revert to snapshot (VDI). Run the vuln software in an emulator, etc.
Henry Ford is not at fault if someone driving a model-T gets killed in a traffic accident today.
+1. Wish I still had my up/downvoting plugin!
+1
Could not agree more. Well said!
Except that the comparison that’s most often made -as here – is between hardware and software and it’s not valid.
No-one is demanding that Microsoft should provide all users with updated hardware for all time (and pay for the shipping, presumably). But that seems lost on some people.
Software is a different matter, and distributing it is different too, so the real cost is in developing, implementing and testing solutions.
Microsoft continue to develop patches for XP and other OS and it would not be too much to ask for them to be made available to a wider audience (the distribution networks for all those annoying ads are already carrying orders of magnitude more traffic than patches would generate, I’m sure).
Some of us are not in a position to replace our hardware and/or software, although we can do our best to find software workarounds – at least, those of us who are tech savvy can.
For example, I maintain a comprehensive hosts file on my Mac, Windows and Linux PCs (it’s useful that all associated OS can use the same content) that contains domains I don’t want to visit. Ironically it’s actually easier to implement under XP than it is under more recent OS (permissions and all that). I’m on shakier ground with iOS and Android but I’m confident I can find a solution there too.
I could add unregistered domains as well (as I probably will), since AFAIK every OS checks locally before heading off out into more dangerous territory, which isn’t the best solution but it’s better than not being able to do anything.
I’ve explored using VMs (Microsoft refuse to support their earlier OS even with their own version of VM, but luckily there are free and commercial offerings that take up their slack) – which is how I discovered that Windows 8 and 10 will not run my legacy software and hardware – and that’s another path I’m treading.
I think I’m right in saying that NASA are still supporting extremely old hardware (Voyager spacecraft, launched in 1977) and have done so for much longer than Microsoft and others have done. It’s not impossible, just hard.
Now if Microsoft would take software they don’t want to support any more and put it into, ooh, say the public domain along with all supporting documentation, then maybe everyone would be a little better off…
+1
I was publicly humiliated when I tried to get the cyber world to approach their respective governments to outlaw the Bitcoin Exchange System – there were so many idiots shouting me down I gave up trying. I still affirm that WITHOUT BITCOINS none of this nightmare would have been possible.
Yes, billions of dollars should be spent throwing people in prison for using a service that has netted these criminals $26,000. Come on, be serious.
LOL, scams (such as Nigerian) were going on long before bitcoin. There’s now many alternatives to bitcoin. And western union money transfer are still happening in scams. It would still happen even without bitcoin, just not as easily.
Actually, bitcoins just make it easier for reporters to track criminals’ success.
Other means:
* prepaid credit cards
* prepaid non-credit cards (iTunes, etc)
* WesternUnion
Before you made that comment about “idiots”, did you stop to look in the mirror?
Mobster Vito Corleone could never have built his huge criminal empire if it had not been for dollar bills. Solution: Outlaw dollar bills.
Dumb.
The only thing that outlawing bitcoins would even remotely have a chance of doing would be to slow down, a little, these kinds of small-time Internet thieves. The world’s big-time thieves would still be able to effectively launder their money through Belize, Panama, U.A.E. and Cyprus. (See the “Panama Papers” for more information.)
So are you selectively prejudiced against small business, or what? Do you think that only big fish like Najib Razak should be allowed to steal?
And before you get all hot about Bitcoins facilitating crime, please tell us what ever happened to the $8 billion (with a “b”) that was dumped, in nicely shrink-wrapped pallets full of CASH, from C-130 transport planes, into Iraq, never to be seen or heard from ever again.
Thanks Brian for the heads-up about the XP patch. I would not otherwise have been aware of it.
OK, so I’m downloading KB4012212 for Windows 7 to fix this thing. It’s 33.2 MB. Download speed is 5.8 KB/sec. I have 1.5 MB after an hour or so. What’s with that?
You might not be the only person downloading this. Just sayin.
Yup. Reminds me of dialup days.
I downloaded at 7AM this morning and had no difficulty. Despite the early hour, I bet a lot more people know about it now..
For Windows 7 this issue should have already been fixed by an update back in March! I believe the last four numbers of the KB were 2215. Just enter the KB number you are looking for in the search bar of the update history console of your PC, and follow the links, and it will bring you there. If you read on that site, or the Technet link, it should tell you what you want to know. Even if you did get that KB number downloaded and tried to execute it, there should be an error code that would lead to the same conclusion.
BaliRob: You are wrong. It’s like to forbid selling of knives, since it’s capable of taking human life.
BitCoin in this scenario is only a tool that helps the attackers, like a knife to rob you, not the real problem.
What about windows 7? I work for a school district that maddeningly uses win 7. I hate having to bring work home because I don’t feel secure and/or want the features of win 10, but now I’m terrified our fossil tech monkeys will get us into a ransom mess.
Windows 7 is still currently supported by Microsoft until 2020 I believe, so those systems should already have the patch.
Brian, I know this might be over some if not most readers’ heads, but it might be worth adding info about how Snort/Intrusion Prevention System rules could have stopped many if not all of the SMB attacks. It may not have stopped the initial malware infection, but it would have prevented the attacks from spreading over a network.
For example, I run a few legacy applications that require Windows XP. All my machines run current HIPS, and I have a network appliance with Snort definitions (Sophos Home UTM). As a result, I am mostly, if not wholly immune, even with that have not been patched in over three years.
even with an OS that has not been patched in over three years*
I blame autocorrect…..
I am -very- pleasantly surprised by this. I won’t say where I work exactly, but I work in a datacenter hosting servers for about 35 different customers. We were talking about this ransomware outbreak all night Friday night, because I’m part of the team that oversees server patching. We were all very worried about the alarmingly high number of 2003 servers still in our customers’ environments. I’m relieved to see that Microsoft has helped ease that concern by releasing this. I’m sure I will be very involved in making sure all of our 2003 servers are patched over the next few weeks.
FYI: There are now reports of versions of this thing that do not have what some have called a “kill switch” (the person that discovered it believes it to be an anti-sandboxing feature).
The kill switch thing only bought us a day or two.
26,000 / 300 = 86.66
26,000 / 100 (number who paid when the total was $26k) = ~ $260.
We’re missing the real objective of the malware.
This SMBv1 backdoor Microsoft left in their software is the same thing as a previous backdoor having to do with image processing by the kernel that had been in their software for over 20 years. Whenever you see the eastern Europeans release something this destructive, it’s done with approval from the Russian Government which is really a crime syndicate. Long story short, the only reason I can think of that someone would release network enabled malware like this is to force companies to patch their infrastructure which in turn, like the leaking of the Government Personnel database, would shut down a lot of espionage operations going on. From my perspective, that is the only speculation that makes any sense. Should be interesting over the next 6 months to see what happens with all of these state sponsored exploits.
Go to the actual problem. Why does the NSA have these tools? Why did they fail to protect downloading of the hacking tools? Why did they not advise the software co’s of the imminent problem? Yet they intrude into normal law abiding citizen’s mail, phones and internet. How many terrorists or plots have been stopped or apprehended compared to the amount of systems which have now been affected? Yahoo’s glitch is nothing. What else was in that box of goodies maybe 100 times worse?
Nail the NSA.
“Nail the NSA.”
I’m one of those people who thinks that quite a lot of what the NSA continues to do TO AMERICANS to this very day, including scooping up virtually ALL of our Internet traffic, is a grotesque violation of the Fourth Amendment, but…
NSA didn’t create these bugs. They just exploited them, as part of what the NSA believes is its mission, i.e. to be able to get into anything anywhere, anytime, whether it’s an Internet-connected server or a sooper-secret message written by a 9-year-old in lemon juice. *Microsoft* created the bugs, which then passed unseen and undetected through all layers of Microsoft’s legendary inept QA processes.
The market demands features, features, and more features, and Microsoft, since its inception, has always been only too happy to provide all of the newest whiz-bang lame ass features that the lowest-common-idiot could ever think of a way to use (e.g. embedding executable code in emails… perhaps the single stoopidest invention of all time), and it provides these to the hungry marketplace of dumbass consumers FAST. Actually doing proper engineering, *or* proper QA, on any of this stuff has always been a bit further down on the priority list of Microsoft, well behind MAKING MONEY FAST.
So whose fault is it really that we now live in a world where *a* government, and indeed where *any* government, and even a fair number of small-time criminals, can now pop open massive numbers of Internet-connected systems almost as easily as they can pop open a bottle of Heineken? I would argue that it’s the fault of all those folks who VOLUNTARILY (even if unthinkingly) actually gave money to Microsoft in exchange for ticking time bombs for all those years.
In short, to quote Pogo “We have met the enemy, and he is us.”
I think the ‘concept’ of [old] software is ridiculous.
Old DNA doesn’t simply stop working, old viruses and old bacteria do not answer to marketing claims.
Security is an ongoing thing.. and to think you can kill off a PC running XP or any other operating system is statistically impossible.
There is only abandoned and neglected software, or software intentionally made more difficult to patch because of misguided ownership rights that are meant to give owners the choice to prevent “Improvements to their Software”.. and since malware “Improves” software for someone else’s benefit.. even that tacit legal promise.. isn’t even enforceable.
OS Windows 8.1.
I have a dilemma (beyond being really inept with computers). I am entirely unable to run Windows Update—it hangs for several hours on searching. I’ve run troubleshooters and tried every fix I could find in forums to no avail.
There are instructions at https://www.bleepingcomputer.com/forums/t/632621/windows-update-stuck-checking-for-updates-forever/
for how to bypass Windows Update and install a single update. I was thinking this might work for installing the security patch.
PROBLEM: I tried to download the patch from the Microsoft catalog http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598.
There is no patch for Windows 8.1 there so I tried the Windows 8 patch. It starts by running the Standalone Installer, which generates the error message: “The update is not applicable to your computer.” So I can’t download the patch.
QUESTIONS:
1. How vulnerable am I to this Wanna Cry? I have Avast antivirus and its firewall. My Windows Defender is disabled.
2. Besides not opening unknown emails, how can I protect myself at this point? I’ve backed up all my files to an external hard drive. I am 100% dependent on my computer for my living. I also fear receiving a virus from unprotected clients so I need to take action.
THANKS FOR YOUR HELP!
I’m certainly no expert, but it seems to me reasonable for Windows 8.1 users to go into Programs and Features, Turn Windows Features on or off, then deselect “SMB 1.0/CIFS File Sharing Support.” On my machine this required a restart.
I *think* this prevents the further spread of the ransomware. And it might prevent its intrusion onto your system. A couple of quick Google searches did NOT reveal just what combinations of computers and services use this support.
I do almost no inter-computer sharing of data on my home network. There is no indication of a later version of SMB in my Windows Features list.
Why do some companies run old OSes?
One company I know has an application that was written for Windows 95, it will not run on a newer OS. It cost $10K for one license. The company that wrote it is no longer in business and no one has written a replacement application. They need this application for estimating bids for contract proposals.
This W95 computer is NEVER connected to the internet or to their corporate network. Files are moved via a USB flash drive.
Ever seen a computer controlled plasma cutter? Or building control system? A lot of them run on Windows XP.
Just to check I activated an old laptop with Windows XP and tried to get the update. Failed.
Downloaded the update on Windows 10 and put it on the laptop and tried again. Failed with error. “The update (KB4012598-x86) is for a different windows sytem”.
So, good try Microsoft but no cigar.
Jim – it might be the case that your XP is pre-SP3. You may need to update to the latest service pack (which I *think* can still be done online – you may need to search for a roll-up) before the patch will ‘take’.