Microsoft has released security updates for several unsupported versions of Microsoft Windows, including Windows XP, to block WannaCrypt ransomware attacks.
The ransomware WannaCrypt has been making the rounds in May 2017: it infects Windows machines, encrypts files, demands a ransom, and spreads like a worm.
Microsoft published detailed information on the vulnerability on the new Malware Protection Center blog. According to the information, the attackers exploit the "recently" patched SMB vulnerability known as EternalBlue by sending custom packets to SMBv1 servers. Microsoft released patches for all supported versions of Windows on the March 2017 patch day.
While Microsoft did release patches for supported versions of Windows, it appears that the attackers targeted Windows 7, Windows Server 2008 and earlier versions of Windows only.
The exploit code used by WannaCrypt was designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows 10 PCs are not affected by this attack.
In a surprising move, Microsoft released security patches for unsupported versions of the Windows operating system that patch the SMB vulnerability on devices running these versions of Windows as well.
Security Bulletin MS17-010 describes the security update, which may now be applied to unsupported versions of Windows as well.
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.
Microsoft has not found evidence of the entry vector, but thinks the following two scenarios are highly possible:
- Arrival through social engineering emails designed to trick users to run the malware and activate the worm-spreading functionality with the SMB exploit
- Infection through SMB exploit when an unpatched computer can be addressed from other infected machines
Microsoft released security updates for the following versions of Windows:
- Windows XP, Windows Vista, Windows 8
- Windows Server 2003, 2008, Windows XP Embedded
Administrators and users may download updates for affected operating systems from the Microsoft Update Catalog. Another option that administrators have is to disable the SMB functionality on machines to block exploits from targeting these systems successfully.
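As an added illustration of the SMB mitigation mentioned above (this script is not part of the article and is not Microsoft's own tooling): it reports whether the SMBv1 server component is enabled and disables it, using the SMB1 registry value Microsoft documents for Windows Vista, 7 and Server 2008 (R2) and the Set-SmbServerConfiguration cmdlet on Windows 8, Server 2012 and later. It assumes an elevated PowerShell session; the KB number in the hotfix check is a placeholder to be replaced with the MS17-010 update id for the specific OS from the Microsoft Update Catalog, and Windows XP is not covered because it has no SMB version other than SMBv1 to fall back on.

```powershell
# Added example (not from the article): check and disable the SMBv1 server
# component. Assumes an elevated session. Caveat: legacy clients, printers
# and NAS devices that only speak SMBv1 will lose access to shares on this host.

$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later expose the setting through a cmdlet
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Vista / 7 / Server 2008: an absent SMB1 value means enabled (the default)
    $v = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $v -or $v -ne 0)
}

function Disable-Smb1Server {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path $regPath -Name SMB1 -Type DWORD -Value 0 -Force
        Write-Warning 'Registry change takes effect after a reboot.'
    }
}

# Hotfix presence check; the KB id is a placeholder, not a value from the article.
function Test-Ms17010Installed([string]$KbId = 'KB<placeholder>') {
    return [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)
}

if (Get-Smb1ServerState) {
    Write-Host 'SMBv1 server is enabled; disabling it.'
    Disable-Smb1Server
} else {
    Write-Host 'SMBv1 server is already disabled.'
}
if (-not (Test-Ms17010Installed)) {
    Write-Warning 'MS17-010 update not found; install it from the Microsoft Update Catalog.'
}
```

Disabling the SMBv1 server reduces exposure of this host; installing the MS17-010 update is still the fix, since the registry change does nothing for systems that must keep SMBv1 enabled.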
Unsupported versions of Windows still have a sizable market share. While stats are not 100% accurate, Net Market Share sees Windows XP at a market share of about 7% in April 2017, and Vista at about 0.70%. This means that roughly every 14th device runs an unsupported client version of Windows. It is unclear what the situation looks like for server operating systems.
Still, Microsoft's release of the patch ensures that companies and home users may patch their devices to protect them against the attack. Patching systems has a second effect: it also prevents the security threat from spreading faster or further.
We also know that some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download.
Now You: Are your devices patched? What's your take on Microsoft releasing patches for unsupported Windows editions?