Microsoft Releases Emergency Patch for 'WannaCrypt' Ransomware
In response to the high-profile ransomware attack targeting an SMB v1 hole in older versions of Windows, Microsoft late last week released a fix.
Microsoft released Security Update KB4012598 on Friday to address the issue in older Windows OS and Windows Server editions, including Windows 8, Vista, XP and Windows Server 2003 and 2008. What's remarkable about this release is that it's the first time in over three years that Microsoft has released a security update for Windows XP.
"We are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003," wrote Phillip Misner security group manager at the Microsoft Security Response Center (MSRM), in a blog posted on Friday.
Those running Windows 10, 8.1, 7, Vista SP2 or Windows Server 2008 SP2 or later are already protected from the ransomware, which had infected many systems worldwide threat thanks to bulletin MS-17-010, released in March. Due to the severity of the threat, which has already locked countless worldwide systems, those running older versions of Windows should apply the patch as soon as possible.
The malicious program "WannaCrypt," which demands a payment of Bitcoin to unlock an infected system, was part of a stockpile of exploits stolen from the National Security Agency earlier this year. In a blog posted on Sunday by Brad Smith, president and chief legal officer for Microsoft, he discussed that with the growing sophistication of cyberattacks, the practice of collecting malicious tools by the government has done more harm than good.
"We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world," wrote Smith. "Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today -- nation-state action and organized criminal action."
While the NSA has not commented on either the WannaCry attack or Microsoft's response, Tom Bossert, President Trump's Homeland Security advisor discussed at Monday's daily White House press briefing that the infection rate has been relatively low in the U.S. compared to overseas infection rates, and that no federal systems have been compromised. However, he did warn that following the patching advice from Microsoft and the FBI should be a top priority to stop the spread, which has hit a number of large-profile companies, including FedEx.
"While it would be satisfying to hold accountable those responsible for this hack -- something that we are working on quite seriously -- the worm is in the wild, so to speak at this point, and patching is the most important message as a result," said Bossert. "Despite appearing to be criminal activity intended to raise money, it appears that less than $70,000 has been paid in ransoms and we are not aware of payments that have led to any data recovery."