Microsoft Releases Emergency Windows XP Update to Block WannaCry Ransomware

Whatacrock
Release Maintainer
Posts: 1967
Joined: Mon Oct 28, 2013 10:47 am
Location: Australia

Microsoft Releases Emergency Windows XP Update to Block WannaCry Ransomware

Post by Whatacrock »

Microsoft Releases Emergency Windows XP Update to Block WannaCry Ransomware

Microsoft has published an emergency update for Windows versions that are only getting custom support in order to block the ongoing attacks with the WannaCry ransomware (flagged by Microsoft as Ransom:Win32/WannaCrypt).

Windows XP, Windows 8, and Windows Server 2003 users can download the patch from the Microsoft Update Catalog, and the software giant recommends that everyone update their systems as soon as possible, given the growing number of attacks.

WannaCry infections were first spotted yesterday in Europe, with organizations in several countries, including the United Kingdom and Spain, being targeted. The British National Health System was severely hit by the ransomware, which late on Friday started spreading across the United States as well.

The infection is based on a Windows vulnerability originally owned by the NSA and that got leaked earlier this year by hacker group Shadow Brokers. Microsoft explained that Windows versions still getting support, including here Windows 7, 8.1, and 10, with the latest updates installed and the most recent Windows Defender virus definitions, are completely secure.

Avoid opening emails from untrusted sources

On the other hand, Windows XP, Windows Server 2003, and Windows 8 are no longer supported, and they didn’t get the most recent Windows updates, so Microsoft decided to publish this emergency patch, given the scale of this attack.

“We also know that some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download,” Microsoft explained.

“This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind.”

The company goes on to state that some attacks were using phishing tactics with malicious attachments, so users should avoid opening these files, especially if they come from untrusted or unknown sources.


http://news.softpedia.com/news/microsof ... 5689.shtml
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"

Re: Microsoft Releases Emergency Windows XP Update to Block WannaCry Ransomware

Post by Whatacrock »

Windows XP Anti-WannaCry Ransomware Update KB4012598 Possibly Failing to Install

Microsoft rolled out a surprising patch for Windows XP a couple of days ago in order to block the WannaCry ransomware on this unsupported version of the operating system, but it turns out that not everyone can install it.

Some of our readers have reported issues when installing Windows XP update KB4012598, with a dialog displaying an error reading “The version of Windows you have installed does not match the update you are trying to install.”

The patch was downloaded from Microsoft’s servers, and as you can see in the screenshot attached to the article, it’s the Windows XP version running on a Windows XP system.

Downloading the wrong patch?

Several users are complaining of the same problem in a discussion on Microsoft’s Community forums, with some claiming that it might all be caused by the embedded versus non-embedded versions of Windows XP. This means that you should pay close attention to the patch you are downloading, though some users say that the problem occurs with the correct version of the update for their systems.

“I have been trying to install recommended update KB4012598 on my Windows XP SP3 Pro but when I click run after download the message pops up indicating ‘Version of Windows does not match update you're trying to install’ or words to that effect. I checked the version by clicking ‘Run,’ ‘winver.exe’ or whatever, and it confirms that I have Windows XP SP3 installed,” one user explains.

On the other hand, we’ve also received reports from other readers who said that this patch installed fine for them, so it’s very clear that if there’s indeed a problem, it’s not a widespread one.

Once again, you can try downloading the patches using these links, but you should double-check that you’re downloading the correct one for your system: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, and Windows 8 x64.

http://news.softpedia.com/news/windows- ... 5711.shtml

Re: Microsoft Releases Emergency Windows XP Update to Block WannaCry Ransomware

Post by Whatacrock »

Microsoft Blames the Government for WannaCry, Urges Windows Users to Update

Microsoft rolled out the first Windows XP update after three years in an attempt to protect customers from getting infected with WannaCry, and now the company says governments should treat vulnerabilities in a different way because civilians are the very first ones affected every time such an accident happens.

Thousands of computers across the world were infected since Friday with a new ransomware called WannaCry which locks down PCs and asks for a $300 ransom to restore access to files. The infection is based on a vulnerability that was stolen from the NSA earlier this year and which was published online by hacking group Shadow Brokers.

The affected organizations include state departments in several large countries, as well as health institutions like the British NHS. Microsoft said on Friday that systems running fully up-to-date versions of supported Windows were protected, and decided to also release an update for computers with older Windows versions, like XP and Server 2003, to block the ransomware.

In a statement today, Brad Smith, President and Chief Legal Officer at Microsoft, confirms that the exploit was patched on March 14 for Windows users, confirming that attacks are based on the NSA vulnerability that got leaked accidentally.

Update, update, update

Smith emphasizes that it’s critical for customers worldwide to update their systems to remain protected, explaining that while some organizations need time for testing, Microsoft is also spending more time to certify updates before shipping them.

“As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise they’re literally fighting the problems of the present with tools from the past,” Smith explained.

Eventually, Smith also calls for governments to treat these issues seriously, pointing out that agencies should no longer create a “stockpile of vulnerabilities,” but instead report them to the vendor.

“This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage,” he said.

One possible solution to prevent these cases in the future is to adopt a Digital Geneva Convention that would make it a requirement for governments to report vulnerabilities to vendors, “rather than stockpile, sell, or exploit them.”

http://news.softpedia.com/news/microsof ... 5707.shtml

Re: Microsoft Releases Emergency Windows XP Update to Block WannaCry Ransomware

Post by Whatacrock »

Customer Guidance for WannaCrypt attacks

May 12, 2017
Microsoft solution available to protect additional products

Today many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers. This blog spells out the steps every individual and business should take to stay protected. Additionally, we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today.

Details are below.

In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.
For customers using Windows Defender, we released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt. As an additional “defense-in-depth” measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider, that they are protected.
This attack type may evolve over time, so any additional defense-in-depth strategies will provide additional protections. (For example, to further protect against SMBv1 attacks, customers should consider blocking legacy protocols on their networks).

We also know that some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download (see links below).

Customers who are running supported versions of the operating system (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, Windows Server 2016) will have received the security update MS17-010 in March. If customers have automatic updates enabled or have installed the update, they are protected. For other customers, we encourage them to install the update as soon as possible.

This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind.

Some of the observed attacks use common phishing tactics including malicious attachments. Customers should use vigilance when opening documents from untrusted or unknown sources. For Office 365 customers we are continually monitoring and updating to protect against these kinds of threats including Ransom:Win32/WannaCrypt. More information on the malware itself is available from the Microsoft Malware Protection Center on the Windows Security blog. For those new to the Microsoft Malware Protection Center, this is a technical discussion focused on providing the IT Security Professional with information to help further protect systems.

We are working with customers to provide additional assistance as this situation evolves, and will update this blog with details as appropriate.

Phillip Misner, Principal Security Group Manager Microsoft Security Response Center
Further resources:

Download English language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64

Download localized language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64

General information on ransomware: https://www.microsoft.com/en-us/securit ... mware.aspx

MS17-010 Security Update: https://technet.microsoft.com/en-us/lib ... 7-010.aspx

https://docs.microsoft.com/en-us/msrc/c ... pt-attacks

Re: Microsoft Releases Emergency Windows XP Update to Block WannaCry Ransomware

Post by Whatacrock »

UK Spy Chief Blames Microsoft for WannaCry as It Retired Windows XP “Too Soon”

Microsoft is the one to blame for the WannaCry ransomware infection, says former head of GCHQ Sir David Ormand, as the software giant pulled Windows XP too soon and left companies and organizations with no protection against this kind of threat.

In a letter to The Times, Ormand explains how Microsoft created an unnecessary risk for its customers, including here the British National Health Service (NHS) whose computers were compromised by WannaCry as well.

“Should Microsoft have stopped supporting Windows XP so soon, knowing that institutions had invested heavily in it (at the urging of the company at the time)?” he said.

WannaCry and Windows risks

WannaCry is a new type of ransomware based on a Windows vulnerability that was discovered and kept secret by the United States National Security Agency (NSA). Hacking group Shadow Brokers managed to steal the security flaw and decided to make it public earlier this year.

Microsoft patched the vulnerability with Windows security updates that were released according to its monthly update rollout called Patch Tuesday, so once the WannaCry outburst started, systems running fully up-to-date Windows were completely secure.

On the other hand, systems that are no longer receiving support, as it’s the case of Windows XP, were left vulnerable to attacks, with Microsoft deciding to publish a dedicated patch for these versions when reports of the ransomware quickly spreading across the world were received.

Microsoft itself blamed the NSA for holding Windows vulnerabilities and not reporting them to the company, but UK’s Ormand says the Redmond-based software giant is at fault for putting everyone at risk.

And it’s all because it decided to pull support for Windows XP in April 2014. Launched in 2001, Windows XP has not received support since 2014, with the company offering custom support to companies that are yet to upgrade, including to the NHS, which however decided not to renew the contract last year.

Windows XP was originally projected to reach end of support in 2009, two years after the launch of Windows Vista, but Microsoft pushed it to extended support and provided security patches for an extra 5 years because it was still widely used at that time. In the last 12 months of support, however, the software giant repeatedly warned organizations and users of the incoming end of life, providing solutions, documentation, and support for migrating to newer Windows.

"NSA and companies at fault"

This is why Misha Govshteyn, founder and SVP at Alert Logic, thinks that Microsoft is not at fault for WannaCry, but only the NSA for not reporting the bug and companies for running old software.

“This is a classic game of news spin from all parties involved, but the GCHQ position is especially rich in alternative facts,” he said.

“If the NSA really wanted to be responsible, they would have contacted technology vendors shortly after they realised their toolkits were stolen. Doing so would have given technology companies more time to respond and consumers more time to patch. Instead, NSA chose to play the game of chicken with Shadow Brokers and allowed, of all people, Julian Assange to be the disclosing party. This is the least defensible decision in this whole saga.”

Despite end of support being reached more than 3 years ago, Windows XP remains the third most popular desktop OS worldwide with a share of nearly 7 percent.

http://news.softpedia.com/news/uk-spy-c ... 5760.shtml

Re: Microsoft Releases Emergency Windows XP Update to Block WannaCry Ransomware

Post by Whatacrock »

WannaSmile Protects Windows Users Against WannaCry

WannaCry is unsurprisingly the hottest topic in technology news these days, and it’s no surprise why: hundreds of thousands of computers are already infected, and the number is growing as users across the world are extremely slow when it comes to installing patches and security software.

While the easiest way to remain protected is to simply update your Windows system, even if you are running an unsupported version of Windows thanks to Microsoft who released emergency patches for everyone, here’s another tool that could lend you a hand with that.

Called WannaSmile, this little script configures your computer to block WannaCry from reaching your computer with a series of tweaks based on the existing mitigation methods.

The kill-switch method

First and foremost, what WannaSmile can do is to disable SMB on your system, as this service is enabled by default and is being used by the ransomware to compromise a computer. Then, for systems that are connected to the Internet, it deploys a so-called kill-switch that involves editing the HOSTS file and adding Google’s IP to make sure the lock-down does not occur and skip the ransomware domain.

In the case of systems that are not connected to the Internet, the script comes with a special utility which creates a lightweight local web server and adds localhost instead of the Google IP, again with the purpose of blocking the locking of your files.

What’s important to know is that for systems that are connected to the Internet, the kill switch won’t work if the connection is not available at the time of running the script or if the kill-switch domain is down. Of course, you might need to configure additional rules in the firewall to allow it.

If this sounds too complicated for you, there’s the more convenient solution to simply patch your Windows system, with updates now available for every Windows version since Windows XP. You can download the Windows Security Update for WannaCry ransomware from Softpedia right now, regardless of your Windows version.

http://news.softpedia.com/news/wannasmi ... 5758.shtml

Re: Microsoft Releases Emergency Windows XP Update to Block WannaCry Ransomware

Post by Whatacrock »

Microsoft Created the Windows XP Patch to Block WannaCry in February

The world is recovering from the WannaCry ransomware party, and everyone seems to be praising Microsoft for how fast it reacted to block the infection on systems that are no longer getting support, including here the still super-popular Windows XP.

Even though it reached end of support in April 2014, Windows XP received an emergency patch on Friday night in order to block WannaCry, as supported systems like Windows 7, 8.1, and 10 were already protected thanks to updates released earlier this year during the monthly Patch Tuesday cycle.

But according to a report from The Reg, the Windows XP patch that users received during the weekend was actually built in February, and this is an indication that Microsoft was aware of the vulnerability but only patched it for unsupported Windows versions when things went south.

Specifically, it appears that Microsoft was informed of the security vulnerability in January, with people familiar with the matter telling the company that a security flaw owned by the NSA was stolen and was likely to be published online. The software giant started work on a patch, and in March, so two months later, it shipped them to systems that still received support, namely Windows Vista, Windows 7, Windows 8.1, and Windows 10. This means that the patch was developed a few weeks before, most likely in February.

In April, however, hacking group Shadow Brokers decided to go public with the exploits stolen from the NSA, while in May the WannaCrypt ransomware started making the rounds after compromising thousands of computers using one of the leaked vulnerabilities.

Patches created in mid-February

The aforementioned source says the Windows XP patches were created on February 11, while the Windows 8 version was ready on February 13. Microsoft, however, held it back for public systems, as there was no indication that a large scale attack like WannaCry was supposed to start.

The patches, on the other hand, were released to customers paying for custom support, as Microsoft is still releasing updates in exchange for custom support licenses to enterprises paying a fortune just because they are yet to upgrade.

So last week, what Microsoft decided to do was to go public with a patch that it created for paying customers in February, and this is one of the reasons the reaction was so fast.

Can Microsoft be accused of publishing the update too late when the house was already on fire? It depends on whether you see the glass half full or half empty. In the end, Microsoft wasn’t by any means forced to patch unsupported systems, so even if it arrived at a later time, the update still came in very handy.

http://news.softpedia.com/news/microsof ... 5795.shtml

Re: Microsoft Releases Emergency Windows XP Update to Block WannaCry Ransomware

Post by Whatacrock »

NSA Reported WannaCry Vulnerability to Microsoft After Using It for 5 Years

The WannaCry ransomware outburst is living proof that systems across the world need to be running the latest patches and supported operating system versions, but while Microsoft rolled out updates to block the exploit before the mass infection started, new information reveals some behind-the-scenes details.

A report from the Washington Post reveals that the NSA itself reported the vulnerability to Microsoft after discovering that a group of hackers managed to steal it from its systems.

The National Security Agency was hit by a cyberattack launched by Shadow Brokers last year, and the hackers managed to steal several exploits that the agency itself was using to break into Windows computers.

Since most of these exploits were based on unpatched vulnerabilities in Windows, leaking them online could have led to large-scale attacks, so in order to prevent this, the NSA itself reported the bugs to Microsoft to have them patched.

The agency, however, did this for its own good, as it was afraid that hackers might use the exploits against computers used by officials in the United States, including those belonging to the Department of Defense.

NSA used the flaw for 5 years

After being tipped off about the vulnerability, Microsoft developed a patch in mid-February and published it for supported Windows systems in March, with unsupported Windows versions getting the fix only if they were covered by a custom support license. After the massive ransomware infection started this month, Microsoft decided to release this patch for all users, including for those running Windows XP.

More worrying is that the NSA actually used the same vulnerability to hack into Windows systems for no less than 5 years before reporting it to Microsoft. And there’s a good chance that the flaw would have remained completely secret if the hackers hadn’t broken into NSA systems.

This is one of the reasons Microsoft criticized the NSA and government departments for not reporting security flaws to vendors, emphasizing that systems worldwide are made vulnerable just because they’re keeping major vulnerabilities for their own hacking programs.

“Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action,” Microsoft said.

http://news.softpedia.com/news/nsa-repo ... 5827.shtml

Re: Microsoft Releases Emergency Windows XP Update to Block WannaCry Ransomware

Post by Whatacrock »

Windows XP Users Can Remove WannaCry Infection Without Paying $300 Ransom

Windows XP was one of the Windows versions hit by the WannaCry ransomware, and despite the patch released by Microsoft, there were still thousands of computers that ended up infected.

And thanks to new software developed by French researcher Adrien Guinet, Windows XP users whose computers were compromised by WannaCry can remove the infection without having to pay the $300 ransom.

A tool that he posted on Github can search for the decryption key in the memory if the computer wasn’t rebooted after being infected, so if you already restarted the system and it then got locked down by WannaCrypt, this isn’t going to work.

If the aforementioned condition is met, the app can recover the prime numbers of the RSA private key that are being used by WannaCry to encrypt your files.

“It does so by searching for them in the wcry.exe process. This is the process that generates the RSA private key. The main issue is that the CryptDestroyKey and CryptReleaseContext does not erase the prime numbers from memory before freeing the associated memory,” the researcher explains.

Only working on Windows XP

What’s important to note is that this application works exclusively on Windows XP, and the researcher says it hasn’t been tested on a different Windows version.

On the other hand, Windows XP systems that haven’t been infected just yet must deploy Microsoft’s patch that’s available even for unsupported versions of Windows.

The WannaCry ransomware is based on a vulnerability in all Windows versions that was stolen from the NSA and posted online by hacking group Shadow Brokers earlier this year. Microsoft patched all supported versions of Windows, including Vista, 7, 8.1, and 10 as part of the March Patch Tuesday, while Windows XP remained vulnerable to attacks as it’s no longer getting support.

After thousands of computers got infected, Microsoft decided to release the patch for Windows XP systems as well, thus publishing the first update in 3 years for the operating system launched in 2001.

http://news.softpedia.com/news/windows- ... 5852.shtml
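The last post describes recovering the RSA primes from memory that was freed without being erased. The sketch below is an added example, not the researcher's tool and not part of the original posts: it shows why a leftover prime is enough, by sliding a window over a memory image and testing each candidate against the public modulus. The toy 128-bit primes, the little-endian storage layout, the public exponent 65537 and the constructed memory image are all assumptions made for the illustration.

```python
"""Added illustration: locate an RSA prime left behind in process memory."""

# Constructed toy key built from two well-known 128-bit primes. Real keys use
# far larger primes; the search logic is the same.
P = 2**127 - 1
Q = 2**128 - 159
N = P * Q      # public modulus, which the defender already has
E = 65537      # public exponent (assumed)


def filler(n, seed):
    """Deterministic stand-in for unrelated heap bytes (constructed data)."""
    return bytes((i * 7 + seed) % 251 for i in range(n))


def build_demo_memory(wiped=False):
    """Fake memory image: junk, then one prime as a little-endian integer."""
    prime_bytes = P.to_bytes(16, "little")
    if wiped:
        # What a key-destroy routine that zeroes its buffers would leave.
        prime_bytes = bytes(16)
    return filler(4099, 3) + prime_bytes + filler(2048, 11)


def find_prime_factor(memory, modulus):
    """Slide a window over memory; return (offset, p, q) or None."""
    size = (modulus.bit_length() + 15) // 16   # byte length of one prime
    for off in range(len(memory) - size + 1):
        window = memory[off:off + size]
        # Cheap rejects: a prime of this size is odd with a nonzero top byte.
        if not (window[0] & 1) or window[-1] == 0:
            continue
        cand = int.from_bytes(window, "little")
        # Any value strictly between 1 and N that divides N is one of the primes.
        if 1 < cand < modulus and modulus % cand == 0:
            return off, cand, modulus // cand
    return None


def private_exponent(p, q, e=E):
    """Rebuild the private exponent once both primes are known."""
    return pow(e, -1, (p - 1) * (q - 1))


def demo():
    """Find the prime, rebuild the key, and check an encrypt/decrypt round trip."""
    off, p, q = find_prime_factor(build_demo_memory(), N)
    d = private_exponent(p, q)
    msg = 0x1337C0DE
    return off, pow(pow(msg, E, N), d, N) == msg


if __name__ == "__main__":
    print(demo())
    print(find_prime_factor(build_demo_memory(wiped=True), N))
```

With the prime bytes zeroed the search returns `None`. That matches the condition in the article that recovery only works if the machine has not been rebooted, since the freed memory must still hold the primes.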