Microsoft does not pay much attention to the security and privacy of Windows versions which have exited support for them. But, the Redmond giant had to resort to something ‘highly unusual’ to protect a major chunk of Windows 7, Windows 8 and Windows Server 2003 users. It has today released a security patch for these versions to prevent further damage from the massively damaging WannaCrypt ransomware.
It has today released a security patch for these versions, whose support ended around three odd years ago, to prevent further damage from the massively damaging WannaCrypt ransomware. It was released via the Shadow Broker’s data dump and has already spread to more than 100 countries across the globe, including India.
What’s worse is the fact that it has managed to bring multiple services — Britain’s health system, Spanish telecom firm Telefonica, etc. — to their knees. It is currently being said that about 45,000 attacks by the ransomware, which exploits a vulnerability in the Windows operating system to spread across networks on its own, have been recorded.
While Phillip Misner, Principal Security Group Manager Microsoft Security Response Center describes the situation as painful, it was extremely necessary for the company to take a firm decision. And it worked throughout the day to develop patches for versions of the Windows Defender software that can detect the ransomware and fight the same to protect your computer.
This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind.
In addition, if you’re running any of the supported versions of Windows, especially Windows 10 then you’re completely safe from the ransomware attack. It won’t be able to exploit the vulnerability targetted by WannaCrypt because it is singularly targetted towards the unsupported Windows versions. This is because all newer versions such as Windows 7, 8.1, and 10 were patched earlier in March, through an update that was released to address the varied exploits disclosed by Shadow Brokers. Also, the blog post adds,
Our expert systems gave us visibility and context into this new attack as it happened, allowing Windows Defender Antivirus to deliver real-time defense. Through automated analysis, machine learning, and predictive modeling, we were able to rapidly protect against this malware.
There is currently no info about how the initial ransomware infections happened but Microsoft believes it may be through phishing emails which contain the Trojan Horse malware. Accessing the same would’ve activated the worm-spreading functionality with the EternalBlue vulnerability, which is being exploited by WannaCrypt ransomware.
Security researchers have already deployed failsafe measures to prevent further damage from this software. They’ve engaged a sort of killswitch to check for the ransomware and stop it from spreading then and there in the network. Thus, Microsoft has also decided to protect even its older customers, thus, update the Windows Defender engine to protect your computer. It’ll update automatically but you can induce the same or download the patch from here. If not accessible, you can choose to employ any of these two methods:
- Disable SMBv1 with the steps documented at Microsoft Knowledge Base Article 2696547 and as recommended previously.
- Consider adding a rule on your router or firewall to block incoming SMB traffic on port 445
