Users of old Windows systems can now download a patch to protect them from this week’s massive ransomware attack.
Wanna Cry Update
In a rare step, Microsoft published a patch for Windows XP, Windows Server 2003 and Windows 8—all of them operating systems for which it no longer provides mainstream support.
![Xp patch download Xp patch download](/uploads/1/3/3/2/133272037/941911908.jpg)
Microsoft just released a patch for Windows XP that fixes a file sharing flaw being exploited by the WannaCry ransomware. Here's how to install it. You can download. May 15, 2017 Download Security Update for Windows XP SP3 (KB4012598) from Official Microsoft Download Center. Security Update for Windows XP SP3 (KB4012598) Important! Selecting a language below will dynamically change the complete page content to that language. Select Language. Windows XP Service Pack 3.
May 13, 2017 Tags: microsoft, Phillip Misner, Wana Decryptor, Wanna Decryptor, Wanna.Cry ransomware, Windows XP. Able to download Microsoft’s patch, but when you attempt to install the patch, it does not. Download Security Update for Windows XP SP3 (KB4012598) from Official Microsoft Download Center.
Users can download and find more information about the patches in Microsoft’s blog post about Friday’s attack from the WannaCry ransomware.
The ransomware, which has spread globally, has been infecting computers by exploiting a Windows vulnerability involving the Server Message Block protocol, a file-sharing feature.
Computers infected with WannaCry will have their data encrypted, and display a ransom note demanding $300 or $600 in bitcoin to free the files.
Fortunately, Windows 10 customers were not targeted in Friday’s attack. In March, Microsoft patched the vulnerability that the ransomware exploits—but only for newer Windows systems. That’s left older Windows machines, or those users who failed to patch newer machines, vulnerable to Friday’s attack.
Researchers originally believed the ransomware was spread through attachments in email phishing campaigns. That no longer appears to be the case.
Once a vulnerable PC becomes infected, the computer will attempt to spread to other machines over the local network as well as over the internet. The ransomware will specifically scan for unpatched machines that have the Server Message Block vulnerability exposed.
Businesses can prevent this by disabling the Server Message Block protocol in vulnerable PCs. They can also use a firewall to block unrecognized internet traffic from accessing the networking ports the Server Message Block uses.
Fortunately, Friday’s ransomware attack may have been contained. A security researcher who goes by the name MalwareTech has activated a sort of kill-switch in WannaCry that stops it from spreading.
As a result, over 100,000 new infections were prevented, according to U.K.’s National Cyber Security Centre. But experts also warn that WannaCry’s developers may be working on other versions that won’t be easy to disable.
“It’s very important everyone understands that all they (the hackers) need to do is change some code and start again. Patch your systems now!” MalwareTech tweeted.
Unfortunately, the kill-switch’s activation will provide no relief to existing victims. The ransomware will persist on systems already infected.
Friday’s ransomware attack appears to have spread mainly in Europe and Asia, with Russia among those nations hardest hit, according to security researchers.
Security experts are advising victims to wait before paying the ransom. It’s possible that researchers will develop a free solution that can remove the infection.
This story was updated at 11:33 AM on May 15 to add and correct misinformation from researchers.
Microsoft solution available to protect additional products
Today many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers. This blog spells out the steps every individual and business should take to stay protected. Additionally, we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today.
Details are below.
- In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.
- For customers using Windows Defender, we released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt. As an additional “defense-in-depth” measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider, that they are protected.
- This attack type may evolve over time, so any additional defense-in-depth strategies will provide additional protections. (For example, to further protect against SMBv1 attacks, customers should consider blocking legacy protocols on their networks).
We also know that some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download (see links below).
Customers who are running supported versions of the operating system (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, Windows Server 2016) will have received the security update MS17-010 in March. If customers have automatic updates enabled or have installed the update, they are protected. For other customers, we encourage them to install the update as soon as possible.
This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind.
Microsoft Patch For Wanna Cry
Some of the observed attacks use common phishing tactics including malicious attachments. Customers should use vigilance when opening documents from untrusted or unknown sources. For Office 365 customers we are continually monitoring and updating to protect against these kinds of threats including Ransom:Win32/WannaCrypt. More information on the malware itself is available from the Microsoft Malware Protection Center on the Windows Security blog. For those new to the Microsoft Malware Protection Center, this is a technical discussion focused on providing the IT Security Professional with information to help further protect systems.
We are working with customers to provide additional assistance as this situation evolves, and will update this blog with details as appropriate.
Update 5/22/2017: Today, we released an update to the Microsoft Malicious Software Removal Tool (MSRT) to detect and remove WannaCrypt malware. For customers that run Windows Update, the tool will detect and remove WannaCrypt and other prevalent malware infections. Customers can also manually download and run the tool by following the guidance here. The MSRT tool runs on all supported Windows machines where automatic updates are enabled, including those that aren’t running other Microsoft security products.
Phillip Misner, Principal Security Group Manager Microsoft Security Response Center
Further resources:
Wanna Cry Windows Patch
Download English language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86,Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86,Windows 8 x64
Download localized language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64