reader comments
with 131 posters participating, including story authorMicrosoft Releases Windows Ransomware Patch, Blasts NSA for Malware Stockpile. By Chris Paoli. Those running older versions of Windows should apply the patch as soon as possible. Microsoft just released a patch for Windows XP that fixes a file sharing flaw being exploited by the WannaCry ransomware. Here's how to install it. You can download. Windows 10, which is known as the most secure Operating System, gets automatic updates, thus it is safe from being attacked. But the other Operating Systems like Windows XP, Windows 8 and Windows Server 2003 can now get security patch manually.
A day after a ransomware worm infected 75,000 machines in 100 countries, Microsoft is taking the highly unusual step of issuing patches that immunize Windows XP, 8, and Server 2003, operating systems the company stopped supporting as many as three years ago.
Microsoft also rolled out a signature that allows its Windows Defender antivirus engine to provide 'defense-in-depth' protection. The moves came after attackers on Friday used a recently leaked attack tool developed by the National Security Agency to virally spread ransomware known as 'WCry' or 'WannaCrypt.' Within hours, computer systems around the world were crippled, prompting hospitals to turn away patients while telecoms, banks, and companies such as FedEx were forced to turn off computers for the weekend.Ransomware Windows Patch Download
The chaos surprised many security watchers because Microsoft issued an update in March that patched the underlying vulnerability in Windows 7 and most other supported versions of Windows. (Windows 10 was never vulnerable.) Friday's events made it clear that enough unpatched systems exist to cause significant outbreaks that could happen again in the coming days or months. In a blog post published late Friday night, Microsoft officials wrote:
Ransomware Windows Patch Downloads
We also know that some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download here.
This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind.
This is possibly the first time ever that Microsoft has issued a patch for a product decommissioned so long ago. While the company issued an emergency patch for Windows XP in 2014, it came the same week support for that version ended, making the exception seem less unusual. This time around, the emergency patches are being applied to OS versions that Microsoft stopped supporting as many as three years ago.Crucial entry point still missing
Microsoft announced the patches around the same time it said it still doesn't know what the precise starting point was for Friday's WCry outbreak. One of the key questions circulating once Friday's viral outbreak appeared to be contained was how did the self-replicating worm first gain entry so it could go on to spread from vulnerable machine to vulnerable machine.
Windows Ransomware Fix
At least two security firms—FOX-IT here and CrowdStrike here—said spam that sent fake invoices to end users provided the crucial initial vector to seed the self-replicating attack, but none of the three companies have produced copies. Some researchers doubted a generic e-mail campaign could have been the sole initial vector without leaving a mountain of evidence that would have surfaced by now. In a blog post published Friday night, Microsoft officials wrote:
We haven't found evidence of the exact initial entry vector used by this threat, but there are two scenarios we believe are highly possible for this ransomware family:
- Arrival through social engineering emails designed to trick users to run the malware and activate the worm-spreading functionality with the SMB exploit
- Infection through SMB exploit when an unpatched computer can be addressed in other infected machines
The blog post went on to say that the worm 'executes massive scanning on Internet IP addresses to find and infect other vulnerable computers.'
FOX-IT also said in its blog post that 'there appear to be multiple infection vectors,' but the post didn't elaborate. Maarten van Dantzig, a researcher with FOX-IT, said on Twitter here and here that he suspects e-mail was the initial vector for some, but not all, of the outbreaks. Researchers from Cisco Systems Talos group went even further, writing: 'Our research does not yet support that e-mail was the initial infection vector. Analysis is ongoing.'
The possibility that ransomware can spread virally across the Internet without any form of end-user interaction is a chilling prospect. Internet-wide scans performed in recent weeks show that as many as 2.3 million computers have the necessary port 445 exposed to the Internet. Those scans also reveal that 1.3 million Windows machines haven't been patched.
People who are running unpatched machines should take action immediately. The best measure is to patch the vulnerability using this link for supported versions or this one for XP, 8, and Server 2003. Those who can't patch should ensure their computers are locked down by, among other things, blocking outside access to ports 138, 139, and 445. They should also disable version 1 of the Server Message Block protocol.
Friday's attack could have been much worse, had the perpetrators not slipped up by failing to register an Internet domain that was hardcoded into their exploit as a sort of 'kill switch' they could activate if they wanted to shut down the worm. That made it possible for a quick-acting researcher to register the domain and stop much of the attack just as it was gaining momentum.
Ransomware Windows Xp Patch Download
A new attack could come at any time. Next time, defenders may not be so lucky. As Microsoft's blog posts makes clear, vulnerable machines aren't only a danger to themselves, but to the entire world at large.
From out of nowhere, new ransomware called WannaCrypt ripped through computers worldwide this week. WannaCrypt spread incredibly quickly, worming its way from machine to machine by exploiting a networking vulnerability that Microsoft had patched back in February.How did the malware manage to spread if Microsoft had already shipped a Windows update that fixed the vulnerability WannaCrypt was exploiting? Because not everyone installs those updates in a timely manner. In corporate and government environments, for example, updates are often delayed for a long, long time.
There's often a good reason to hold off. Pushing the install button on a Windows update could have unintended consequences, and IT folks need time to make sure nothing's going to break or at the very least that such breakage can be easily fixed.
There are also a lot of computers in use that simply couldn't install Microsoft's update. That's because they were running operating systems that Microsoft no longer supported, like Windows XP.
From out of nowhere, new ransomware called WannaCrypt ripped through computers worldwide this week. WannaCrypt spread incredibly quickly, worming its way from machine to machine by exploiting a networking vulnerability that Microsoft had patched back in February.
The WannaCrypt ransom screen/Image: Microsoft
MicrosoftWannaCrypt infected thousands of computers, and some very high-profile targets were hit. Russia's Ministry of Internal Affairs reported more than 1,000 infections. The U.K.'s National Health Service was torpedoed, too, and had to put life-saving surgeries on hold. Spanish telecom provider Telefonica sent employees home after the infection tore through its offices.
How did the malware manage to spread if Microsoft had already shipped a Windows update that fixed the vulnerability WannaCrypt was exploiting? Because not everyone installs those updates in a timely manner. In corporate and government environments, for example, updates are often delayed for a long, long time.
There's often a good reason to hold off. Pushing the install button on a Windows update could have unintended consequences, and IT folks need time to make sure nothing's going to break or at the very least that such breakage can be easily fixed.
There are also a lot of computers in use that simply couldn't install Microsoft's update. That's because they were running operating systems that Microsoft no longer supported, like Windows XP.
Free Windows Patch Download
Microsoft finally stopped delivering patches for Windows XP back in 2014 after an amazing 14-year run, but the company has taken an extraordinary step this week. To prevent WannaCrypt -- and any future copycat ransomware -- from exploiting the vulnerability they described here, Windows updates are being pushed to several out-of-date operating systems.
Patches are now available for the 16-year-old Windows XP, Windows XP Embedded (which is still used in things like ATMs and point-of-sale systems), and Windows Server 2003. It's an extraordinary move by Microsoft, but one that was clearly justified.
Download Ransomware Patch For Windows 10
If you need to patch an older system, you can download the update here. Microsoft will also walk you through disabling the feature WannaCrypt used to spread, SMB version 1. Don't worry, there's a very good chance that you won't notice anything different after turning it off. Just follow the steps posted on the Microsoft Support site.