Microsoft issues WannaCry security patch for XP, blasts US for 'stockpiling vulnerabilities'

In a rare move, the software company has rolled out security updates for its no-longer-supported Windows XP operating system.
By Jessica Davis
10:10 AM

Friday’s WannaCry ransomware outbreak infected over 200,000 computers in 150 countries and crippled the U.K. National Health Service. Experts expect even more victims as the hackers generate new variants and more users sign into computers Monday morning.

In response, Microsoft released a critical security update on Friday for users running outdated Windows systems, such as Windows XP, Server 2003 and Windows 8. Officials said Windows 10 users weren’t affected by the attack.

Customers using Windows Defender were also provided an update that detects the threat as Ransom:Win32/WannaCrypt.


The software company released security updates in March to address certain vulnerabilities that these WannaCry attacks are exploiting. However, officials said that those who have yet to apply the updates are at risk and should “immediately deploy Microsoft Security Bulletin MS17-010.”

As some Microsoft users are running outdated Windows versions and didn’t receive the security update, the company is making the update broadly available for download on Microsoft’s website.

Officials warned that as this ransomware variant is bound to evolve over time, users should consider blocking legacy protocols on their networks.

“Some of the observed attacks use common phishing tactics, including malicious attachments,” officials said. “Customers should use vigilance when opening documents from untrusted or unknown sources.”

On Sunday, Microsoft also railed against the government for “the stockpiling of vulnerabilities,” which Microsoft said is an emerging pattern in 2017.

“Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage,” Chief Legal Officer Brad Smith said in a blog post. “An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.”

“This most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today: nation-state action and organized criminal action,” he said.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

