As you may have heard, a massive ransomware attack has infected PCs in at least 99 countries. But Microsoft says that it had already fixed the vulnerability that enabled this attack. Meaning that the PCs that were successfully attacked had not been updated in a timely manner.
“On May 12, 2017 we detected a new ransomware that spreads like a worm by leveraging vulnerabilities that have been previously fixed,” a Microsoft Malware Protection Center blog post notes. “While security updates are automatically applied [to] most computers, some users and enterprises may delay deployment of patches. Unfortunately, the malware, known as WannaCrypt, appears to have affected computers that have not applied the patch for these vulnerabilities. While the attack is unfolding, we remind users to install MS17-010 if they have not already done so.”
In case you missed the implicit admonition there, Microsoft has switched Windows 10 to a servicing model it calls Windows as a Service, or WaaS, the idea being that it’s only possible to keep all Windows users safe if all Windows users keep their PCs up-to-date with security fixes. Under this system, all Windows 10 PCs are kept up-to-date … unless they are in larger businesses, which still have the option to delay updates for many months. It is these businesses, and those with older Windows PCs who likewise don’t update them in a timely manner, that are at fault for the success of this attack.
The security fix in question, MS17-010, was released two months ago, in March. The ransomware, called WannaCrypt, targets the security vulnerability that was fixed by that update and
While I’m a bit mixed on blaming customers for this issue, it’s interesting that WannaCrypt doesn’t actually spread all that quickly, and it doesn’t use social networking to trick users into doing something stupid. It just targets PCs that were not updated correctly. Had those customers kept their PCs up-to-date with just security fixes, this attack would have been a non-event, Microsoft says.
“Microsoft antimalware telemetry immediately picked up signs of this campaign,” the Microsoft post explains. “Our expert systems gave us visibility and context into this new attack as it happened, allowing Windows Defender Antivirus to deliver real-time defense. Through automated analysis, machine learning, and predictive modeling, we were able to rapidly protect against this malware.”
Like other ransomware attacks, WannaCrypt encrypts the PC’s hard drive, preventing the user from accessing their own data. After decrypting a few files to prove what happened, it then presents a ransom demand: “Pay now, if you want to decrypt ALL your files!”
To prevent this attack from succeeding, all you have to do is keep your PC up-to-date: This vulnerability was fixed two months ago. And Microsoft, in an unprecedented move, is even patching Windows XP, which is no longer supported. (Talk about not keeping your PC up-to-date.)
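For administrators who want to confirm the advice above rather than assume it, here is an added PowerShell check (not from the article or from Microsoft) that reports whether the MS17-010 update is present on a set of PCs and whether Windows 10's quality-update deferral is holding back security fixes. The KB identifiers are placeholders to be replaced with the ones listed in the MS17-010 bulletin for your Windows versions; the `Test-Ms17010` and `Get-QualityUpdateDeferral` function names are this example's own.

```powershell
# Added example, not part of the original article: verify MS17-010 presence and
# Windows Update deferral on one or more Windows hosts.

# PLACEHOLDER: substitute the KB numbers from the MS17-010 bulletin for the
# Windows versions in your fleet. These values are constructed, not real.
$Ms17010Kbs = @('KB0000001', 'KB0000002')

function Test-Ms17010 {
    param(
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [string[]]$KbIds = $Ms17010Kbs
    )
    foreach ($name in $ComputerName) {
        try {
            # Get-HotFix enumerates installed updates (Win32_QuickFixEngineering).
            $installed = Get-HotFix -ComputerName $name -ErrorAction Stop |
                Select-Object -ExpandProperty HotFixID
        } catch {
            [pscustomobject]@{ Computer = $name; Status = 'Unreachable'; Detail = $_.Exception.Message }
            continue
        }
        $found = $KbIds | Where-Object { $installed -contains $_ }
        [pscustomobject]@{
            Computer = $name
            Status   = if ($found) { 'Patched' } else { 'MISSING MS17-010' }
            Detail   = ($found -join ',')
        }
    }
}

# A non-zero DeferQualityUpdatesPeriodInDays policy means this PC delays
# security (quality) updates, the WaaS delay the article describes.
function Get-QualityUpdateDeferral {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $v = Get-ItemProperty -Path $key -Name DeferQualityUpdatesPeriodInDays -ErrorAction SilentlyContinue
    if ($null -eq $v) { return 0 }   # no policy set: updates are not deferred
    return [int]$v.DeferQualityUpdatesPeriodInDays
}

Test-Ms17010 | Format-Table -AutoSize
"Quality-update deferral: $(Get-QualityUpdateDeferral) day(s)"
```

On Windows 10, later cumulative updates supersede the March package, so a fully current PC may not list the March KB; treat a "MISSING" result as a prompt to check the OS build against the bulletin, not as proof the fix is absent.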
I’m still researching whether there is an established method to remove this ransomware from your PC if you have been compromised.
skane2600
<blockquote><a href="#116484"><em>In reply to emanon2121:</em></a></blockquote><p>In this case they are going to patch XP as well, which is great. But it would be better if MS had a policy of continuing security updates even on very old versions of Windows. Would it cost some money? Yes. Would it directly increase revenues? No. But there's an indirect benefit by being seen as protecting the customer, and the cost is probably considerably less than what they have spent on failed initiatives such as buying Nokia.</p>
skane2600
<blockquote><a href="#116559"><em>In reply to skane2600:</em></a></blockquote><p>Apparently some people disagree with me, but the non-tech news outlets are just saying that this latest ransomware is possible due to a flaw in Windows. It doesn't say anything about people using unsupported old versions. This is a major hit against Microsoft's reputation, and it doesn't matter much what tech-savvy people think.</p>
skane2600
<blockquote><a href="#116883"><em>In reply to normcf:</em></a></blockquote><p>I'm not sure that's correct, but if it was, it was probably assumed by the press and the general public that computers == Windows. The majority probably never heard of linux or unix so their reputations were never in danger.</p>
skane2600
<blockquote><a href="#116914"><em>In reply to lvthunder:</em></a></blockquote><p>The decision should be driven by what percentage of customers are still using it. My belief is that a business should not be focused on what their customers "should" do, but on what they actually do. So MS would need to consider the cost of continued security updates to XP vs the cost to their reputation if they don't. </p>
skane2600
<blockquote><a href="#116488"><em>In reply to MikeGalos:</em></a></blockquote><p>Yes, Penny Wise and Pound Foolish seems to be the pattern when it comes to government spending these days. Of course, in the US military spending has the opposite problem – nearly unlimited money to fund "defense" systems that are never going to work. The problem is a contractor can still make a ton of money developing a system whether it works or not.</p>
skane2600
<blockquote><a href="#116531"><em>In reply to matsan:</em></a></blockquote><p>It depends. If the NSA went looking for these vulnerabilities with the intent to take advantage of them, that would be quite different than trying to do a public service. There's no guarantee that just because one group or individual discovered a flaw, others will find it as well (a number of flaws went undiscovered for a decade even with the source code available).</p><p>So it's really a balance of risk: the risk of a 3rd party exploiting an unreported flaw vs the risk of a 3rd party exploiting a reported flaw that they wouldn't have known about otherwise. I imagine that some vulnerability hunters aren't always motivated strictly by the greater good but would like to get credit for their discoveries ASAP.</p>
Delmont
<blockquote><a href="#116500"><em>In reply to dhallman:</em></a></blockquote><p>Jesus, I'm glad you don't support I.T. where I work. You'd be fired with this mess of a story.</p>