As World Reacts To WanaDecrypt0r, Microsoft Issues Patch For Old Windows Systems

An anonymous reader quotes the AP: Teams of technicians worked "round the clock" Saturday to restore hospital computer systems in Britain and check bank or transport services in other nations after a global cyberattack hit dozens of countries and crippled the U.K.'s health system. The worldwide attack was so unprecedented that Microsoft quickly changed its policy and announced that it will make security fixes available for free for older Windows systems, which are still used by millions of individuals and smaller businesses. [Windows XP, Windows 8, and Windows Server 2003]
An anonymous reader writes: The patches are available for download from here. Microsoft also advises companies and users to disable the Windows Server Message Block version 1 protocol, as it's an old and outdated protocol, already superseded by newer versions, such as SMBv2 and SMBv3... Microsoft had released a fix for that exploit a month before, in March, in security bulletin MS17-010 [which] included fixes for Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016.
Below the fold are more stories about the WanaDecrypt0r ransomware.

• The Los Angeles Times says the attack "shows why Apple refused to hack terrorist's iPhone," and why Google, Apple, and Microsoft resist calls for backdoors. "Though the NSA hasn't confirmed it was hacked, the purported leak of its tools shows that even supposedly secret vulnerabilities can get into the wrong hands.... when flaws the agencies discover pose a threat to the nation's businesses and consumers, they should be forced to help secure systems."
• Science fiction writer Charlie Stross blogged a humorous take on the event, sharing a "Rejection Letter" from Reality Publishing Corporation that argues the plot of his newest thriller -- MS17-010 -- "does not hold up to scrutiny." (A government agency hoards known vulnerabilities about vital infrastructure, then suddenly loses control of them...)
• troublemaker_23 shares ITWire's call for a "public statement of contrition" from Microsoft, which reminds readers that "the ransomware and exploits are just the effects. The vulnerabilities in Windows are the cause."
• There's now a first-person account about the discovery of the kill switch, which insists that registering that domain "was not a whim. My job is to look for ways we can track and potentially stop botnets..."
• Slashdot reader Lauren Weinstein says some antivirus services (and firewalls incorporating their rules) are mistakenly blocking the kill switch's site as a 'bad domain', which allows the malware to continue spreading. "Your systems MUST be able to access the domain above if this malware blocking trigger is to be effective, according to the current reports that I'm receiving!"

First Wave Attack

[mentil]

I, for one, welcome our new Cylon overlords.

Re:First Wave Attack

The Cylons would never have an unregistered domain as a kill switch.

Re:First Wave Attack

[__aaclcg7560]

You just need a microwave oven to kill a Cylon.

https://www.youtube.com/watch?v=joUZj4shx80

Re:First Wave Attack

[K.+S.+Kyosuke]

This internecine violence between kitchen appliances is sad to watch.

Re:First Wave Attack

[__aaclcg7560]

This internecine violence between kitchen appliances is sad to watch.

That's why you have to keep the toaster far away from the microwave oven.

Re: First Wave Attack

This is called evidence now? Sounds like more fake news to hurt the working class.

Show real evidence liars.

Next version

At the moment, we are just lucky. The next version of this malware will have a 'format c:' switch.

Re:Next version

[chuckugly]

How is encrypt everything so much different?

Re:Next version

[Aighearach]

If we could just get the users to do that themselves when infected, this problem would eventually go away.

People need to learn to create data backups; not system backups. You don't need to back up your OS+cracks, you just need to back up your actual data and have a way to track service dependencies so that you can install a fresh system, and then connect your data to your services.

There are lots of websites using RubyOnRails and similar technologies that have modern deployment systems that makes that easy. It is sad that so many non-web, traditional applications have fallen behind the webby ones.

Re: Next version

My backups were encrypted too :(

Re:Next version

nah, it would be really cool if it modified hard drive firmware so that the all the disks need to be replaced

Re: Next version

[Rei]

You have your computer set up to have 24/7 read-write access to your backup system?

Yeah, not a good plan.

Re:Next version

[newcastlejon]

How is encrypt everything so much different?

Because no-one is going to pay a ransom after their data has been erased and if they're warned beforehand they can easily pull the disk and retrieve everything. There's no profit to be made in that.

Re:Next version

Too bad. They should have had backups.

Re:Next version

[chuckugly]

And how does that make us lucky?

Kind for Microsoft to fix their own bugs

[JoeyRox]

They truly are a reborn company.

Re:Kind for Microsoft to fix their own bugs

[E-Rock]

For an ancient unsupported version of their product. Make sure you put that into your narrative.

Re:Kind for Microsoft to fix their own bugs

Ayup, next MS will send flowers to the widows and orphans in the UK of the people who died due to the NHS mess.

Re:Kind for Microsoft to fix their own bugs

How about I flip the narritive instead? Fuck Microsoft for preventing people from fixing the old abandoned software they tossed in the garbage for themselves.

Abandoned software really should be automatically treated as public domain by the law. :/

Re:Kind for Microsoft to fix their own bugs

[athmanb]

Try asking an open source developer for a patch for an application released in 2002 and see how far you get...

Re:Kind for Microsoft to fix their own bugs

And how are you going to fix anything without the source code?

Re:Kind for Microsoft to fix their own bugs

[__aaclcg7560]

Hex editor? That worked back in the DOS days.

Re:Kind for Microsoft to fix their own bugs

[DonkeyG5]

Microsoft is responsible of the NHS using outdated, unsupported software?

Re: Kind for Microsoft to fix their own bugs

Assembly? Binary patch? How do people cheat at games with no source code?

Re:Kind for Microsoft to fix their own bugs

Abandoned software really should be automatically treated as public domain by the law.

I agree, but the idea is going nowhere fast, so, fuck it. Just run a 'live' system from a USB stick. So many problems completely cease to exist that way.

Re:Kind for Microsoft to fix their own bugs

[present_arms]

Why? The source would be available for anyone with knowledge to patch/fix as the source is open for all to see.. not so with closed source and there lies the problem ;)

Re:Kind for Microsoft to fix their own bugs

[Joce640k]

With all the money they made on XP they should still be issuing security fixes, yes.

Re:Kind for Microsoft to fix their own bugs

[Dunbal]

For an ancient unsupported version of their product. Make sure you put that into your narrative.

Not sure a car manufacturer could get away with "oh but we don't support that car anymore" if it started killing people. One thing is "corporate policy" and another thing is legal liability. Smart move on Microsoft's part, before they get sued.

Re:Kind for Microsoft to fix their own bugs

[__aaclcg7560]

The source would be available for anyone with knowledge to patch/fix as the source is open for all to see.

If you wrote code in 2002 would you still understand the code 15 years later?

Too many times I open up a source file from last week, look at the code, and think: "Who wrote this shit?! Oh, I did. Meh..."

Re: Kind for Microsoft to fix their own bugs

[Dunbal]

How do people circumvent DRM without source code...

Re:Kind for Microsoft to fix their own bugs

[mikael]

Hex-Ray is the modern day equivalent. I remember the days of replacing E6 60 with 90 90 for noisy DOS games.

Re:Kind for Microsoft to fix their own bugs

[E-Rock]

I must have missed where car makers went back and retrofitted cars with airbags and ABS at their own cost.

Sure you can put these on yourself, just like you could add a hardware or software firewall to block inbound SMB. That would have stopped the lateral infection of this worm. No source code needed, just a bit of care and attention.

Re:Kind for Microsoft to fix their own bugs

They truly are a reborn company.

Good thing nothing you have ever created had any flaws -ever. Maybe since you are perfect you can release your own version of everything for the rest of us to use?

No? You are just an arrogant prick.

Re:Kind for Microsoft to fix their own bugs

Sure you can put these on yourself, just like you could add a hardware or software firewall to block inbound SMB.

At your own expense, for a bug that's existed since launch day.

Note: Normally, I wouldn't expect the vendor to fix this, rather I would expect the state that decided to hide the bug for use as a weapon to pay damages and upfront the cost of fixing it.

However, with Secure Boot and other such mechanisms becoming more prevalent as of late, it's fastly approaching the point where unless the vendor makes the patch, even going at the bug with a hex editor won't work unless you subvert the entire security system as well. For some devices, (Android, iOS, video game consoles, etc.), that point is already here. So vendors may just start finding out that they'll have to pay to fix these bugs out of pocket if they want to use such "protections". Else risk the bad PR and consequences from the general public.

Nevermind this issue just so happens to be one where the firewall itself isn't enough. The main initial infection vector is a PDF file attached in an email or hyperlink, with a malicious DOCM macro embedded into it. So no just a firewall won't prevent infection, unless you plan to put hardware firewalls on all of your network nodes at your own expense. (Can't trust a compromised system's firewall.) Most people would consider that unreasonable, nevermind cost prohibitive.

So no, having support from the vendor is not only necessary but mandatory at this point, and it will be, until the vendors decide to return ultimate control to those who purchased the product.

Re: Kind for Microsoft to fix their own bugs

Sigh, kids these days

Re:Kind for Microsoft to fix their own bugs

What else on those systems is dating back to XP days?

I just started a new job and curious as to what was locked down on my computer and not started poking around during some down time. Anti-Virus over a year out of date on definitions, full access to window control panel and any link inside I did try to clink, did not do many but big ones like device manager were fully open.

Access to network drives that have nothing to do with my position or job, looks like I am able to download anything from the open internet, though only tried picture files (SFW the default backgrounds with windows suck in most cases) and not executable nothing was even slowed or locked. Can not tell if there is any sort of firewall still on the network at all. Oh and something like 200 windows updates reported as ready to download. I am afraid to reboot the computer for I do not know how many are needing that to complete install, as they leave all systems on all day. Out of habit I lock the system when I am more then a few feet away but their standard screen saver lock does not kick in for 60 minutes. Also looks like I am running an admin account though did not dig too deeply as was waiting on them to complete my setup for email and other access that they were to do remotely
Oh and this is windows 7, so you can not put it all on Microsoft when the admins do not even keep the most basic of security items operating properly.

Re:Kind for Microsoft to fix their own bugs

[JoeyRox]

Microsoft is the source of a bug they've known about for months and is causing thousands of users to have their data held captive but somehow I have a "narrative". Sounds like you're the one with a narrative.

Re:Kind for Microsoft to fix their own bugs

If you wrote code in 2002 would you still understand the code 15 years later?

Understand it? Yes. Be capable of modifying it? Yes.

Would I also expect to see numerous sins, bad design choices, and other code smells? You bet.

There's a difference between "This code is REALLY not very good, and shows that I was an immature developer 15 years ago," and "This code is unintelligible gibberish." That you have the second response when you open up code you've written does not surprise, but for an actual professional engineer, yes, code written in 2002 is perfectly intelligible and understandable.

Re:Kind for Microsoft to fix their own bugs

Most open source used in 2002 is either still in active development today or replaced by a whole new opensource product. You are rarely stuck on a 2002 application with opensource. Even if you have low end old computer you may find a recent distro with up to date packages that can suit your hardware

Re:Kind for Microsoft to fix their own bugs

[F.Ultra]

Perhaps time to change your coding (or commenting) style then.

Re:Kind for Microsoft to fix their own bugs

[rtb61]

Hey moron, it is not about support, it is about shit programming and after years and years, still failing to fix it properly. People paid for working software not shit programming that would never be fixed, The law should be fix it or open source it, no right to never fix broken programming. Either M$ finally, finally fixes their shit coding or the open the source when the give up trying, so that other people can fix it.

It is entirely corrupt to think you can just abandon bugs and security failures because you are greedy and apparently incompetent programmers. What a fucking lie, support a special favour, fucker it is bug fixing that in car terminology would earn you lemon status, full refunds and bankruptcy. Fixing shitty broken code is not support that is normal sane warranty requirements. You fuckers at M$ keep working on it until it is finally fixed and working properly or open source the code so more competent people can do it.

Re:Kind for Microsoft to fix their own bugs

[__aaclcg7560]

That you have the second response when you open up code you've written does not surprise [...]

My code changes from week to week. In particular, I was writing unit tests, refactoring code and writing documentation this morning. I couldn't figure if a function acted on a "per page" or "per comment" basis. I kept thinking "per comment" when the code was "per page".

[...] professional engineer [...]

What does this have to do with civil engineering?

Re:Kind for Microsoft to fix their own bugs

[__aaclcg7560]

Perhaps time to change your coding (or commenting) style then.

That's why I was writing unit tests, refactoring code and writing documentation this morning.

Re:Kind for Microsoft to fix their own bugs

I must have missed the part where making a software patch available to millions of users costs anything significant outside of initial development costs. This is literally fractions of a cent per user. While MS sits on piles of cash. But hey, money excuses unethical behavior, how about it.

Re:Kind for Microsoft to fix their own bugs

I have code I wrote in 1990's which is still in active commercial use and it is still good. And I still understand it.

Re:Kind for Microsoft to fix their own bugs

If your code changes "from week to week" then you are most probably doing a lot wrong. You should stop and think carefully before you hack your next batch of unmaintainable crappy code.

Incidentally, if your function can be either "per page" or "per comment" then make sure one of the function arguments is clearly named (eg "pages" or "comments") else adjust your function's name to something that makes it clear. This is such an elementary
  issue that I suspect you should simply stop writing any more code.

Re:Kind for Microsoft to fix their own bugs

[__aaclcg7560]

If your code changes "from week to week" then you are most probably doing a lot wrong.

I'm not aware that there's a "right way" to doing a learning project.

You should stop and think carefully before you hack your next batch of unmaintainable crappy code.

I rarely go back to any of my older learning projects. Usable code I keep in a snippet file for my next learning project.

Incidentally, if your function can be either "per page" or "per comment" then make sure one of the function arguments is clearly named (eg "pages" or "comments") else adjust your function's name to something that makes it clear.

I was confusing the section of code that I was working with a different section of code that I previously worked on. An AC threw a fit a few weeks ago because I was storing HTML data in a CSV and insisted that I use Sqlite instead. After looking into it, I wrote a function to write data to Sqlite. By marking "content id" in the database table as unique, "per comment" came into play. The code I was looking at was "per page" as it requested a web page.

This is such an elementary issue that I suspect you should simply stop writing any more code.

How is one is supposed to learn the dark arts of programming without a CS degree?

Re:Kind for Microsoft to fix their own bugs

[__aaclcg7560]

I have code I wrote in 1990's which is still in active commercial use and it is still good. And I still understand it.

If I find any of my HTML code with the blink tag from the 1990's, I'll be sure to delete it in a hurry.

Re:Kind for Microsoft to fix their own bugs

Yes. I expect myself to be able to read my own code 25 years later. I should wonder why the hell I chose for a crappy solution, but I should still be able to read it. If not, then I can just as well delete it, apologize to those I'm responsible to and start over.

If an employee decides to produce crappy code, he'd better have a good reason for doing so and have a shitload of comments right next to it in order to explain it. If not, he's fired.

If I'm responsible for maintaining an operating system, I expect from myself four things:
1) The code can be read like a book;
2) The source code is well commented;
3) APIs are stable and well documented;
4) design priorities in the following order: a) stability, b) security, c) performance, d) user convenience.

This order is not up for debate. There's no point in an os being secure if it's not stable, there's no point in high performance if some idiot on the internet can install something which takes the whole thing down or opens a back door and there's no point in providing convenience to users if you cannot provide decent performance.

That being said, Microsoft turned the order of this around with Windows. They first cared about user convenience, after that came performance. Security didn't exist until people started complaining about it and don't get me started about stability, which Microsoft still considers of little importance.

Re:Kind for Microsoft to fix their own bugs

Oh... and by the way: There are still parts of MSDOS and Windows 95 in Windows 10.

Re:Kind for Microsoft to fix their own bugs

There's still code they copied from CP/M and VMS in Windoze 10.

Re:Kind for Microsoft to fix their own bugs

[F.Ultra]

+1 Top Notch

Re:Kind for Microsoft to fix their own bugs

[thegarbz]

retrofitted cars with airbags and ABS at their own cost.

No one is talking about MS back porting a world of security measures like ALSR into unsupported OSes. That would be the equivalent of retrofitting old cars with ABS. Retrofitting cars with airbags is not the same as fixing a new vulnerability. You know what car companies have done? Recalled cars with faulty airbags and fixed them at cost regardless of the age of the car.

Re:Kind for Microsoft to fix their own bugs

[anonymous+cupboard]

If you wrote code in 2002 would you still understand the code 15 years later?

Weirdly, yes and from 1992. It might take a bit to get back into understanding the environment where it works but usually, I have provided enough annotation to pick it up again quickly, and that includes assembler. It is possibly though because I mostly stayed clear of the very clever stuff and I had enough experience to know that I could be haunted by old code and wrote accordingly.

N....S.....A

N....S.....A
N....S.....A
dun dun dun dunna
N....S.....A

Services not running == safe?

[Rick+Schumann]

Am I safe to assume that since I don't have the Server Service or Workstation Service running that I'm safe from this particular exploit?

Re:Services not running == safe?

[__aaclcg7560]

If you got a current Microsoft OS and up to date on patching, you should be safe. It might help if you're not looking at naughty bits on the Internet. If you don't practice safe computing, you're just asking for trouble.

Re:Services not running == safe?

[headbulb]

SMB is always running even if you turn off filesharing it's still there \\pcname\c$ will take you to that computers c drive.

Patch please

Re:Services not running == safe?

Several years ago, somebody did a study of the worst types sites on the web, the ones most likely to infect your computer.

Porn wasn't even close to the top.

The absolute worst offender?

Church sites.

What they figured out is that religious people are stupid, believing in a god is only one symptom of that stupidity. They have some moron in the church design their website for free, but the moron doesn't actually know anything about security. So there's unpatched code all over that church site, it gets hacked quickly, and it's distributing malware for years before anybody ever does anything about it.

And their followers are stupid enough to believe in a god, so they're also stupid enough to click on anything on that church site. Boom, whole church is infected.

Re:Services not running == safe?

[athmanb]

Maybe? You should definitely still patch MS17-010 though.

Re:Services not running == safe?

[__aaclcg7560]

The absolute worst offender?

At the enterprise level, I would say money exchange websites. More so if you have an international workforce that travels a lot between job sites.

Church sites.

I'm not surprised. Church people are surprisingly gullible even though the Bible teaches: "Therefore be as shrewd as snakes and as innocent as doves." (Matthew 10:16)

Re:Services not running == safe?

i have some issues with whitespace on web pages, learned about click jacking from no script. and that was a comment section on a webpage, disqus IIRC

Re:Services not running == safe?

[Rick+Schumann]

Okay.. I don't think you know the difference between 'filesharing' and what I'm talking about.
Open a command prompt and type:
net start
You'll get a list of Windows Services that are running. Most all of you will see "Server" and "Workstation". I have those services set to "Disabled"; they don't show up in that list, they're literally not running at all. So again what I'm asking is: Since those Windows Services are Disabled (i.e. not running) then is there still a problem or not? If you don't know the answer that's okay.

Re:Services not running == safe?

[Rick+Schumann]

I don't trust Microsoft to not slip something else I don't want into the patch.

Re:Services not running == safe?

[jonwil]

Personally I would rather my system be running whatever crap MS has invented (spyware included) than be at risk of being infected with malware.

Re:Services not running == safe?

Yetyouusewhitespaceinyoursentences.

Re:Services not running == safe?

Then why are you running Windows? I understand job requirements, etc., but just saying... if you don't trust them, find something you can.

Re:Services not running == safe?

Frankly, relying on the output of the net commands might not be enough considering how many places you can force services to start from on windows. If you run: netstat -an | findstr LISTENING how are 135, 139, 445 doing? (Or you can use TCPView from the Sysinternals Suite, although it seems like you already know what you're doing. technet.microsoft.com/en-us/sysinternals/default)

Maybe run a full port scan on your machine from another machine on the same network. If it's all locked down you should be fine because that service won't be accessible regardless. If not you can use Windows Firewall which has been vastly improved starting with Windows 7 (at least for blocking ports).

Re:Services not running == safe?

[digitig]

Tricky for the NHS - it's part of the job of healthcare professionals to look at people's naughty bits.

Re:Services not running == safe?

You can say the same thing about many other groups of people. For example, those poor saps that hire creimer ignoring red flags such as his 1000 page resume and furniture breaking heft.

Re:Services not running == safe?

[__aaclcg7560]

For example, those poor saps that hire creimer ignoring red flags such as his 1000 page resume and furniture breaking heft.

We got our first fat joke for the day. Here's a pic!

https://twitter.com/cdreimer/status/863479397117870080/

Re: Services not running == safe?

Disabled is not the same as stopped you dumb fuck.

Re:Services not running == safe?

- massive double chin
- man tits reminiscent of Robert Paulson's in Fight Club
- no discernible arm muscles, just rolls of fat

"YEAH LOOK AT ME, I'M SUPER STRONG!"

Fuck man, I can't even.

Re:Services not running == safe?

[__aaclcg7560]

Fuck man, I can't even.

Cartman is a mess.

Re:Services not running == safe?

Your words are embarrassingly condescending here, but it's true in other venues that scammers are attracted to religious folk due to their gullibility.

Re:Services not running == safe?

Classic Creamer. Someone calls him fat. To counter the fat claim, shows a picture of him being disgustingly fat. Someone says he's stupid, says how he was in special ed and got kicked out of college. Someone says he doesn't know how to work out, shows himself leisurely walking. Do you even see yourself? Who the fuck has fat on their neck to the point it's bigger in diameter than their idiot head?

You've been on a diet/workout schedule for 5 years. You are 350lb. It clearly is not working. Titanic? Which means what exactly? That you're huge? Oh... It's a another case where he takes people making fun of him and twists it in his head to fit his virtual little world where he's fine.

How about Creamer? That's a great nickname.

Re: Services not running == safe?

[Rick+Schumann]

Oh for fuck's sake.. OF COURSE they're Stopped. There's been dozens, hundreds of reboots since I set them to Disabled. Don't be dumb.

Re:Services not running == safe?

[Rick+Schumann]

TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING

Re:Services not running == safe?

[Rick+Schumann]

I've been trying to get Linux Mint up to speed to replace XP, but I keep running into roadblocks, the most recent of which is it's decided to not accept my password for SUDO operations anymore. Just decided at some point to stop taking it. So far nobody has come up with a solid explanation as to why. Then there's the piece of software I'd like to keep using that needs Java, and you can't get Java installed under WINE to save your own life. Then there's the TiVo software that runs as services under Windows, and that won't work under WINE either. Mainly the SUDO problem is making me want to smash it with a sledgehammer. I'm far from computer-illiterate and I'm having these sorts of problems with Linux; so I see what the real obstacles are to Linux being a competitive replacement for Windows on a large scale; if I'm this frustrated with it already, the average end-user would have given up long ago and just got Windows 10.

Re:Services not running == safe?

What they figured out is that religious people are stupid, believing in a god is only one symptom of that stupidity. ...

You're preaching to the choir.

Re:Services not running == safe?

[Rick+Schumann]

Since you claim to know what you're talking about: "Server Service" and "Workstation Service" are both STOPPED and DISABLED and have been for a long time now.
Netstat -an | findstr LISTENING returns this:
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
Additionally I'm behind a firewall that has all ports (0 through 65535) invisible on the WAN interface, and of course no SMB-related ports are open regardless.
Now, are you really saying that this can still be infected? Don't just say 'yes', point to PROOF.

While the world burned...

[__aaclcg7560]

At my job we finished phasing out the Windows XP and Windows Server 2003 systems from the network last year, the few Windows 8 tablets we have in test are Windows 8.1, and everything else is up-to-date with the latest patches. While the rest of the world burned, it was a quiet Friday as everyone took off for the weekend..

Re:While the world burned...

[DarkVader]

I had one client this year ask me to work on an XP machine, it wasn't connecting to his network.

I told him that under no circumstances would I do anything with that machine other than help him move the data to another computer so it could be reformatted. I told him we could put Linux or 7 on it, but I would not support XP for him.

He made some nose about really liking that version of AutoCAD that wouldn't run on anything later, so I told him that he could keep using it, but the only thing I would do for him in that case was disable the network completely, he could use sneakernet. I ended up leaving without touching it.

Re:While the world burned...

[__aaclcg7560]

I had one client this year ask me to work on an XP machine, it wasn't connecting to his network.

One time I had a user who finally gave up his Windows 95 desktop after ten years. I popped open the case and found a dust ball that was larger than a grapefruit inside.

Re:While the world burned...

[spongman]

> about really liking that version of AutoCAD
the cracked version he had wouldn't install on windows 7, i bet.

Kind for Microsoft behaviour

[Okian+Warrior]

For an ancient unsupported version of their product. Make sure you put that into your narrative.

Lots of people on the net would support the product, if Microsoft allowed them to.

The fact that it's unsupported is a dodge - in reality, Microsoft comes out with new products and forces people into them in order to make more profit.

And in this instance, the "forced upgrade" policy is causing people to die. it's completely unreasonable for people with expensive equipment running Windows XP to have to repurchase their hardware just because Microsoft wants them to spend another $100 for a new OS.

If the OS is truly obsolete and unsupported, Microsoft should release it into the public domain.

Re:Kind for Microsoft behaviour

[AmiMoJo]

XP isn't unsupported. Microsoft will happily provide patches if you pay them. All that has ended is free support.

You buy proprietary software, you have to accept paying for support as long as you want to keep using it, and paying whatever the vendor demands.

The NHS should require equipment to use free software, or for the vendor to supply security patches for its lifetime.

Re:Kind for Microsoft behaviour

Your point is well taken, but somewhat undercut by the fact that the NHS *does* pay Microsoft handsomely for extended XP support - and yet was still hit hard by this attack.

Windows 7

[jawtheshark]

How about fixing the Windows Update on 7. I have a few Win7 virtual machines, that only have 1 core a 4GB RAM and Windows Update just munches one CPU forever and never finishes. I have let it run for weeks, and it never finishes.

That's why I disabled Windows Update on them, because that situation was untenable. I tried many proposed fixes I found on different fora, but nothing worked.

Granted, they are relatively safe, because these installations only exist to provide me a Windows when I need one (read: next to never) and the rest of the network is Linux and BSD. Being task-oriented with use-cases that don't involve email and random surfing, they are quite a bit safer than your run-of-the-mill Windows 7 that suffer from eternal Windows Update runs.

Re:Windows 7

[__aaclcg7560]

You need two or more cores to run WIndows Update and play Minesweeper at the same time.

Re:Windows 7

Install the June 2016 update. Use the manual download installer, and disconnect from the Internet when you launch it. Reboot, Windows Update now works right.

Re:Windows 7

[jawtheshark]

On any patch level, or do I need to start form a fresh install.

The "disconnect from Interent" is a new factor for me. The July 2016 update promised to fix it, but never did. I must admit, this is going to be very hard for me, because these machine run on Xen hosts and well, I access them using RDP.

Re:Windows 7

[jawtheshark]

Could you have been any less helpful?

Re:Windows 7

The July 2016 should do the trick as well, according to the KBs.
You disable Windows Update (no checking), as you said you already have.
You disconnect from the Internet so the manual installer can not attempt an online scan, which is the slow part.
You need SP1 installed. You need KB3020369 installed, get it manually as well.
Then you install the June or July 2016 rollup. Reboot. Re-enable Windows Update, reconnect to the Internet. Scans should be speedier, especially once you are more up to date.

You also have the option of getting the giant 'SP2' convenience rollup manual installer(KB3125574) which covers most everything from SP1 to early 2016.(except KB3020369 again)

Re:Windows 7

[__aaclcg7560]

Could you have been any less helpful?

WOOOSH!

Re:Windows 7

[jawtheshark]

Yes, these are the things I have read before. I never disconnected from the Internet, and as such it never worked. I'll try it again one of these days. I might be vulnerable, but the risk is very low (and obviously those VMs have no data of any importance)

What is certain, is that many people may have their machines in a state like my VMs. If so, they are vulnerable and can't be patched. Microsoft is very, very at fault for creating a whole fleet of unpatchable 7 machines. It obviously played in their cards, to push the 10 upgrades, but I hold them responsible for this mess.

Re:Windows 7

[robinsonne]

Try installing the optional patch KB3172605. It solved the Win Update running and running for ever problem for me at least.

Re:Windows 7

Yes, the Windows Update speed fix should have been pushed in a more aggressive manner. (The June/July 2016 updates are optional.) Supposedly they are also expiring obsolete updates which may eventually improve the scan situation even for those that do not have improved update code.

The disconnect from Internet is not part of the fix; it is to avoid the slowness which would otherwise hit you even with a manual installer.

It worked for me and many others who were seeing this in 2016, hopefully for you as well.

If not, you can pick up critical updates like MS17-010 with the manual installer, cut the Internet, and install them.

Re:Windows 7

I had the same problem and followed this guide earlier today with success: http://plugable.com/2016/06/08/windows-7-wont-update-what-to-do/

Re:Windows 7

[jawtheshark]

You can kid all you want, creimer. I did understand your silly joke, but you make a stupid joke, while I address a real problem. Microsoft caused a great many Windows 7 installations to get in this situation: eternal Windows Update cycle. As such, these machines aren't being patched and are all vulnerable. That is something they should have fixed, asap, and pushed though immediately. Of course, they didn't because we all know that badly behaved Windows 7 machines were more likely to get upgraded to 10. Which in itself caused a great many people to disable WIndows Update. Microsoft cultivated this distrust of their Windows Update mechanisms. There are very guilty in this story and they are so mainly because of their greed and arrogance.

Re: Windows 7

Whatever dude. You said yourself that your whole network is almost all Linux/BSD. So maybe the problem isn't that Microsoft is stupid and negligently responsible for dumbasses not updating. Perhaps the problem is dumbshits who know nothing about Windows and arrogantly expect Microsoft to spoon feed you. And when you somehow fucked up and others weren't willing to do your job for free, you said fuck it and walked away.

If you get hit by this on Windows 7, it's your own goddam fault and don't for a second try yo blame it on anybody else.

Re:Windows 7

[__aaclcg7560]

I did understand your silly joke, but you make a stupid joke, while I address a real problem.

You came to Slashdot looking for advice on a real problem. This will end badly.

As such, these machines aren't being patched and are all vulnerable.

The solution is simple: more hardware. One core isn't going to cut it. You need a minimum of two cores and four cores is preferable. I had no problems running Windows Vista through 10 because I don't use the minimum hardware specs. That's just asking for trouble.

Try deleting or renaming the software distribution folder (works on Win7).
http://www.windowscentral.com/how-clear-softwaredistribution-folder-windows-10

Or back up the data and do a clean install. That fixes the Windows Updater and problems between the keyboard and chair.

There are very guilty in this story and they are so mainly because of their greed and arrogance.

Blaming Microsoft for their "greed and arrogance" never gets old on Slashdot.

Re:Windows 7

[jawtheshark]

I didn't come here for advice. The answers I've seen correspond to what I found. The only new thing would be to disconnect the machines from network while doing the update (which is hard when you your your machines using RDP)

One core and 4GB is not the minimum hardware specs for 7, and even if it were: the security features should work perfectly on minimum system requirements. It's a base OS functionality. For most tasks, one core + 4GB is is more than sufficient. Always has been.

I have a fundamental distrust about people who say "more hardware". Usually, that's exactly the kind of people that you don't take advice from because it's the easy solution. The one that doesn't require thinking. (And guess what: it doesn't always work.... Been there, done that, proved the consultant wrong...) Besides, it seems I have them assigned 2 Cores and 4GB RAM. Is that not enough? That's what you'd get with a Celeron or Pentium class machine. These have no more "oompha" you could give them. Is giving all cores from my E3-1260L going to work? Is that even reasonable?!?

I have done delete Software Distribution. Doesn't work... -

Blaming Microsoft for their "greed and arrogance" never gets old on Slashdot.

That may be, because the truth doesn't get old.

Re:Windows 7

[jawtheshark]

... and for the record..... I did reinstall a couple of times, and les WU do its work.

DIdn't work. How can a plain ISO install fuck up? The only thing I did was, let sit aloe do its thing... It should fix itself, right? Well it doesn't.

I've been managing, installing and maintaining Windows machines for years... I am not the cause.

These VMs can be reinstalled at will though... Data is not stored on VMs. They are only tools in order to live in a Windows world where the occasional task comes where you can't use Linux. Happens once or twice a year. That's why I have them.

Re:Windows 7

[Nkwe]

Actually it has been fixed. While there is a problem with Windows Update getting stuck there are a couple of patches that you can manually apply to get it working again. No, Microsoft can't do that for you because the tool they would use (Windows Update) has the issue itself. Yes, it is a pain to figure out the patches you need and get them applied, but if you do it, it will all be good. For a Win7 64 bit box, try installing KB3138612, KB3020369, KB3172605, and KB3125574. I don't remember the order you need do do these in (you can go read the notes) but the last couple of times I had to resurrect a Win7 machine that was way out of date patch wise, those got it working for me. (And of course, you should get to a more current and supported version of the operating system...)

Re:Windows 7

[__aaclcg7560]

Usually, that's exactly the kind of people that you don't take advice from because it's the easy solution. The one that doesn't require thinking.

Right. That's what all the people with underperforming systems tell me. Meanwhile, I'm working on my cheap Dell laptop with a dual-core processor, 120GB SSD and 8GB RAM, running Chrome, PyCharm and Thunderbird. If the system does slow down from trying too many things at the same time, I just get another Diet Pepsi.

Re:Windows 7

[jawtheshark]

No, Microsoft can't do that for you because the tool they would use (Windows Update) has the issue itself.

Yes, yes,... They could make a single comprehensive patch that fixes it. One download, one fix... Well advertised. Hell, I'm sure they would have a way to do it over WU. If a WU client with a certain version contacts the WU server, you send one patch: the one to fix itself. At that point it can fix itself, and then go on it's merry way. Windows XP had an WU fix that went about that way: it was a patch you needed to do, in order to continue do any other patches.

try installing KB3138612, KB3020369, KB3172605, and KB3125574. I don't remember the order you need do

You do not perceive that as a problem? How is Aunt Annie going to do this? You don't even remember the order... I know I have followed many guides, and it never worked. Never... Followed the exact order. Is it because it's a VM and doesn't get a true full core for it? I have no idea.

And of course, you should get to a more current and supported version of the operating system...

I disagree. I paid for 7, I get 7 until it's officially expired. It should work until that day, which is in 2020.

Windows 10 is a horrible operating system.

Re:Windows 7

https://www.reddit.com/r/windows/comments/4tx4s9/windows_7_slowstuck_checking_for_updates_fix_as/

Re: Windows 7

And your opinion of Windows 10 matters zero since you readily admit to only touching twice a year, at Windows 7 and then go straight back to Nix. So why waste your time and mine with the reviews?

Re:Windows 7

[jez9999]

Talking of which am I missing something? That link above had a fix for Windows XP and Windows 8, but not Windows 7. What gives?

Re:Windows 7

[Nkwe]

You do not perceive that as a problem? How is Aunt Annie going to do this? You don't even remember the order... I know I have followed many guides, and it never worked. Never... Followed the exact order. Is it because it's a VM and doesn't get a true full core for it? I have no idea.

Assuming that Aunt Annie is not a technical person she would either hire a professional or rely on help from friends and relatives -- the same thing she would do if her car broke down (also assuming that she isn't a mechanic). I don't remember the order because I don't spend much time on Windows 7. I have moved on to a currently supported operating system. I happened to have the patch files sitting in a a directory on my file server and as a courtesy gave you the KB numbers. If I had to patch a Windows 7 box again, I would just look of the KBs I listed, install the two prerequisites for the speed patch, the speed patch, and then the update roll up. (The four KBs I listed) I don't perceive this as a problem because when Windows 7 was released the expected technical level of someone using a computer was much higher than it is today. I will perceive it as a problem if Windows 10 as a similar update issue 5 years from now as expectations of a computer maintaining itself are much higher. (As a side note, the current expectation of computers "just working" is a big driver of Microsoft forcing patches that we as technical folks can be uncomfortable with.)

I disagree. I paid for 7, I get 7 until it's officially expired. It should work until that day, which is in 2020.

Support (meaning that Microsoft will help individual users with specific issues, e.g. you can call them and get help) is officially expired as of January 13, 2015. The 2020 date is extended support, which means that Microsoft will create security patches, but not necessarily help you install them or help you with other issues.

Re: Windows 7

If you haven't been updating these past 2 years then your 7 has a version of Windows update that is no longer supported and will never work.

Re: Windows 7

So, when my Dell Precision M6700 with a Core i7-3740QM and 16GB of RAM has problems with a hanging Windows Update I should throw more hardware at it? FWIW, installing a set of updates manually and deleting SoftwareDistributions did the trick.

Re: Windows 7

[__aaclcg7560]

So, when my Dell Precision M6700 with a Core i7-3740QM and 16GB of RAM has problems with a hanging Windows Update I should throw more hardware at it?

The OP had two Win7 VMs with one core and 4GB each. While that meets the minimum hardware requirements for Win7, it's not an optimal configuration. If Windows Update is taking forever to complete in a VM, it might be because the VM lacks the necessary hardware resources.

FWIW, installing a set of updates manually and deleting SoftwareDistributions did the trick.

There's that too.

Re:Windows 7

Talking of which am I missing something? That link above had a fix for Windows XP and Windows 8, but not Windows 7. What gives?

Windows XP and Windows 8 (not 8.1!) extended support ended and Microsoft went out of their way to releases patches for them anyways. Patches for Windows 7 and other still supported systems (including 8.1, 10, even XP embedded/POSReady) already got distributed via the usual channels back in March.

So if you have Windows 7 with a security rollup from March, April or May this bug is fixed.

Re:Windows 7

The following two links may be useful to you:

https://support.microsoft.com/en-us/kb/3200747
https://support.microsoft.com/en-us/kb/3161647

I installed the update to Windows Update while back, and I haven't had an issue since on any VMs or bare metal machines. It may not fix your issue but it's worth a try.

My main complaint now is the idiotic monthly rollup patches that take away all control over what gets installed.

I'm experimenting with Win 10 VMs, but I hate Win 10. HATE IT. Even the Enterprise LTSB version doesn't give me nearly enough control. Fortunately the only thing I really need Windows for is to play games and I don't do much of that these days.

Re:Windows 7

[ChoGGi]

If you manually install a couple updates before running windows update, it'll fix that issue
https://hardforum.com/threads/...

Re:Windows 7

[Waccoon]

A real fix to this problem would be a single download on their web site, in an obvious location, that patches Windows Update to the latest version. No need to hunt down this stuff yourself. But, that would be too simple given that they don't want you to reinstall Win7, in favor of buying Win10.

Instead, you have to surf their forums to find other people complaining about Windows Update running for days (literally) at 100% CPU usage. MS lackeys suggest you reboot your computer. Forum people argue about what magic combination of KB patches will fix it this time, since it seems to break regularly and you have to hunt to find which KB patches are the latest ones. Denial and user-blaming abounds.

The last time I checked a few months ago, the KB patches required on a fresh reinstall are KB3020369, KB3102810, KB3138612, KB3172605, and WindowsUpdateAgent7.6

Re:Windows 7

Before running Windows Update (on Win7), make sure the following patches are un-installed, and then reboot.

KB2952664
KB3021917
KB3068708
KB3080149

Some of these patches involve Windows Telemetry that eats up a lot of CPU. Make sure these patches cannot be intalled in the future.

Re:Windows 7

[jawtheshark]

Hi Anonymous Coward. I don't know if you're still reading, disconnecting the VM from the Internet (disabled network interface), worked perfectly and I have a well behaved VM again. Amazing. I am positively sure, I did follow the instructions to get it on that patch level (and bar from the convenience upgrade, the pre-requisistes told me every time they were installed), but that seems to have been the little detail that was missing.

Thanks for the the tip.

Re:Windows 7

Glad it worked.

captcha: installs

Equipment Vendors

[networkzombie]

The scan to folder functions on some copiers haven't upgraded their SMB yet, so they cannot save scans to folders without SMBv1. Your choices are get a new copier (or copier with different vendor), enable SMBv1 on the server (bad idea), or use FTP (bad but not as bad idea). I've come across servers that had SMBv1 enabled just for this. One copier vendor wanted major cash to get the latest firmware. WTF? I've had good luck with Toshiba and Xerox. Sharp and Ricoh can kiss my ass. Forums are filled with "techs" advising to enable SMBv1 on the server. Yikes!

Re:Equipment Vendors

[nnull]

Welcome to the real world. People will resort to things like this just to get stuff to work. Unfortunately this is just human nature.

I bet the NSA did the attack

Switch around the names of the perpetrators and reread the plot.

oo-er

[Hands+of+Blue]

As much as I like to complain about micro$oft, I'm hard-pressed to fault them for this event, and certainly can't fault their response to it.

I'd say most of the blame lies on the staff and, more so, the policies at the institutions where the event occurred. Government and healthcare orgs are notoriously slow to update mission-critical systems, and while some of this blame can be placed on their reliance on custom software built for old environments or a lack of funds for upgrades, at the end of the day all institutions had been given the same end-of-service deadline, and a majority of them cleared it.

Hospitals are far from the only organisation to rely on frequently-antiquated specialty software and embedded devices, but they are perhaps the most critical example.

Re:oo-er

[Joce640k]

Most of those embedded devices probably can't be upgraded.

This is why Microsoft should be taking more responsibility for them.

Re:oo-er

[F.Ultra]

Hardly, if it's any one who should take more responsibility here it's the vendors of said embedded devices. To even implement such devices on software that they know will be EOLd while still be connected to a network is beyond me.

Re:oo-er

[spongman]

which medical facility uses devices based on (software) components that are unsupported? do they also let the calibration on their dosimeters expire?

no, if your embedded device contains software that EOLs, then THE WHOLE FUCKING DEVICE should EOL on that date. you know that date at the time of purchase - it's no secret.

Re:oo-er

[painandgreed]

Hardly, if it's any one who should take more responsibility here it's the vendors of said embedded devices. To even implement such devices on software that they know will be EOLd while still be connected to a network is beyond me.

Trust me, the vendors have covered their asses with their install/support contract. They probably have an upgrade path, and only require the hospital to buy the new version along with new servers to begin the migration. $10 million isn't unusual for such an upgrade and a single departmental system, which may or may not be only payable out of departmental, capital, or some other budget by either hospital policy or state law. Plus, they're not really EOL'd. MS is still supporting older systems for those with volume licensing that are paying, and hospitals are paying if still running many of these machines.* Still, from my readings of the articles, its not really the clinical systems themselves being hit but all the user computers used to access them.

*Not to say that there aren't completely unsupported examples out there. Where I worked had some Win95 boxes connected by Novel Network (complete with their own network routers on old beige boxes sitting in the network closets) until the department responsible finally replaced the system in the late 2000's. My department's last XP machine was connected to a special purpose film scanner using a horribly old proprietary SCSI card that wouldn't have fit in a newer computer even if we could have found the drivers for it or the scanner. it had one purpose which would be over in another six months and new replacement would have been in excess of $15k just for the hardware and the contract probably would have taken several months to get signed. In the end we let it sit and do its job for a few more months and then pitched it.

Re:oo-er

[F.Ultra]

I'm quite sure that they have covered their asses with contracts. That is not my concern however. My concern is that they decide to build embedded devices running on Windows XP and then leave them connected to a network fully aware that Windows XP will be EOLd in the future (yes you can still shell out enormous amounts of cash to get some small support from Microsoft but that still leave it as practically EOL for most of us anyway).

Who asks for a ransom? the bad guys or microsoft?

Microsoft recommends to update to a supported version of their Windows. But it does not say that such update will be free of charge. If your data gets encrypted, pay to recover them. Otherwise... pay if you don't want them encrypted in the first place.

What is the difference?

It's really sad that even with this, companies (and hospitals, for goodness sake) will not move to more secure platforms...

Nice of Microsoft to release an update for Win 7

Oh wait, they deliberately didn't do that .....

as usual

Setup cannot update your windows xp files because the language installed on your system is different from the update language. ...

Re:Nice of Microsoft to release an update for Win

They released the update for Win7 & Vista in March.

If you want to take shots at them, do it on XP/2003. XP was patched in March as well; they just give that update to special customers only. You don't think they qualified all of these updates in 24 hours, do you?

captcha: licensor

Removes Feature, not Issues Patch

Microsoft removed a feature. It did not patch a bug. This was put into all versions of Windows, even those that were supposedly "rewritten from the ground up." It didn't get there by accident.

Not always true

Remember the xscreensaver debacle?

Re:Not always true

[spire3661]

What happened there? I got hit with that stupid thing for a while, on a raspberry pi system not connected to the internet that i was using as digital signage.

Re:Not always true

[F.Ultra]

The author of xscreensaver got tired of receiving tons of mails from end users complaining about problems that where already fixed years ago, fixes that various distributions (like Debian) never backported so he put that message in there to vent his anger a bit.

Didn't cripple the UK health system..

Took out a few hospitals, and badly affected a few others.. But far from taking out the UK health service.. Most places were just fine.. Though part of that is down to rapid shutting down of the initial vector on an organisational level..

Re:Didn't cripple the UK health system..

[digitig]

It doesn't seem to have affected emergency services either. It's stuff like the appointments system that's (necessarily) connected to the Internet - the actual medical equipment tends not to be (at least, not directly - some equipment seems to be on VPNs to distribute results automatically between departments, and then over the internet from the hospital to the patient's GP or another hospital).

Re:Who asks for a ransom? the bad guys or microsof

[digitig]

And if the update breaks expensive vertical applications, it won't be Microsoft that foots the bill...

Who didnt see this coming

[Kuruk]

Microsoft in there greed to force everyone to Windows 10 turned of patch's on peoples machines. Shit hits the fan.

Re:Who didnt see this coming

Who didn't see the demise of spelling and grammar coming?

Re:Who didnt see this coming

didn't
their
off
patches
people's

Hope this helps.

SMB1 huh

MS seems to be sticking with the "this is just SMB1 and shame on you if you haven't shut it off" but others are saying otherwise:
https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/ appears to identify the attack vector as SMBv2.

Anyway, it seems like not being brain dead is the best way to avoid getting burned by this. Make sure your patches are current, make sure you're not running an operating system that hasn't been supported for more than three years now (after being warned that the end was coming for literally twice that long) and of course try to not do retarded shit like open random email attachments from spammers. That ten year old network capable printer/scanner with firmware that can't be updated? Keep putting off its replacement at your peril.

For all of the businesses and hospitals who got smacked up by this, YOU DESERVED IT. There is absolutely no excuse for the level of incompetence required to be running unpatched and non backed up computers that contain critical data. This is criminal level negligence.

Posthumous Cracking

perhaps this crack was launched after the death of the writer.

Normally the most likely candidates for cracking are the intelligence services themselves, but unless they all colluded on this one, it is quite big.

Posthumous cracking is only set to get worse as the old IT lot are getting closer to kicking the bucket. And to be fair most people with the technical know how don't crack, not because of some moral or ethical reason, but because they know that tracing is not that hard to do.

Software non-freedom is not justified.

[jbn-o]

Asking about one's skill with editing old code has nothing to do with the need for treating other people ethically by respecting users' software freedoms. Just because you aren't skilled enough to track what's going on in code from week to week doesn't justify denying users the freedom to run, inspect, share, and modify the code running on their computers. Non-technical users (which probably are in the majority) can either learn programming, hire out the job, get someone they trust to help them gratis, or a combination of these things. But the decision should be up to them to make, just as your learning curve is apparently steep enough for you to review week-old code and think it to be "shit".

Re:Software non-freedom is not justified.

[__aaclcg7560]

Just because you aren't skilled enough to track what's going on in code from week to week [..]

I tend to make a lot of changes in my code from week to week. That it still works as intended is a nice bonus.

[...] doesn't justify denying users the freedom to run, inspect, share, and modify the code running on their computers.

I don't know where this line of reasoning came from.

[...] just as your learning curve is apparently steep enough for you to review week-old code and think it to be "shit".

My harshest critic is myself. If I think what I did last week was shit, than I need to do better this week. I know too many programmers who find it easy to "polish the turd" than to push themselves to the next level.

Windows 2000

And still no Windows 2000 patch!

Custom Support and MS quarterly earnings

[yuhong]

From https://view.officeapps.live.c... : "As expected, Enterprise Services revenue declined 1 percent and was flat in constant currency, due to a lower volume of Windows Server 2003 custom support agreements."
I did not even know that Custom Support has to do with MS quarterly earnings until today! I wonder how much it actually costs for MS.