Windows XP Barely Affected by WannaCry as Infections Failed with BSODs

Place you can talk about other things not related to autopatcher.
Post Reply
User avatar
Release Maintainer
Release Maintainer
Posts: 1967
Joined: Mon Oct 28, 2013 10:47 am
Location: Australia

Windows XP Barely Affected by WannaCry as Infections Failed with BSODs

Post by Whatacrock »

Windows XP Barely Affected by WannaCry as Infections Failed with BSODs

Windows XP made the headlines a couple of days ago, after Microsoft rolled out an emergency patch to address a security vulnerability allowing the WannaCry ransomware to infect systems.

Based on a vulnerability stolen from the NSA and leaked to the web earlier this year, the WannaCry ransomware was aimed at all Windows versions, but Windows XP was a particular concern because it no longer receives support since April 2014.

Now a new research conducted by Kryptos reveals that even without the patch rolled out by Microsoft, compromising a Windows XP system was a very difficult to do, mostly because the ransomware failed to infect the system with a computer crash or a BSOD.

Kryptos performed a series of tests on unpatched Windows XP computers to determine how WannaCry compromised them, but in most of the cases, the ransomware failed to install and instead led to a system crash or a blue screen of death. After force rebooting the system, Windows XP systems were as clean as before, and another attempt to compromise them ended up with the same results.

Windows XP only vulnerable to direct infections

The only way to infect Windows XP with ransomware was to execute the WannaCry binary on the host, but other than that, the operating system was mostly immune to the infection.

“The Windows XP systems are vulnerable to ETERNALBLUE, but the exploit as implemented in WannaCry does not seem to reliably deploy DOUBLEPULSAR and achieve proper RCE, instead simply hard crashing our test machines. The worst case scenario, and likely scenario, is that WannaCry caused many unexplained blue-screen-of-death crashes,” Kryptos explains.

Kryptos’ findings align with statistics posted by Kaspersky last week and revealing that Windows 7 was the main operating system that was targeted by WannaCry ransomware, with Windows XP infections “mostly insignificant.”

But on the other hand, it also shows that some of the organizations that were hit by the ransomware were running outdated Windows 7 systems and not Windows XP. The UK NHS is one of those whose systems were compromised by WannaCry, and although it was originally believed that Windows XP was running on these computers, the organization denied reports and claimed only 5 percent of the devices were still powered by XP.

Windows XP, however, shouldn’t be considered secure by any means, especially because the WannaCry patch was the only one it received since 2014. Support for XP ended more than 3 years ago, so all the other vulnerabilities in the OS remained unpatched. ... 6156.shtml
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"
Post Reply