As World Reacts To WanaDecrypt0r, Microsoft Issues Patch For Old Windows Systems

An anonymous reader quotes the AP: Teams of technicians worked "round the clock" Saturday to restore hospital computer systems in Britain and check bank or transport services in other nations after a global cyberattack hit dozens of countries and crippled the U.K.'s health system. The worldwide attack was so unprecedented that Microsoft quickly changed its policy and announced that it will make security fixes available for free for older Windows systems, which are still used by millions of individuals and smaller businesses. [Windows XP, Windows 8, and Windows Server 2003]
An anonymous reader writes: The patches are available for download from here. Microsoft also advises companies and users to disable the Windows Server Message Block version 1 protocol, as it's an old and outdated protocol, already superseded by newer versions, such as SMBv2 and SMBv3... Microsoft had released a fix for that exploit a month before, in March, in security bulletin MS17-010 [which] included fixes for Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016.
Below the fold are more stories about the WanaDecrypt0r ransomware.

• The Los Angeles Times says the attack "shows why Apple refused to hack terrorist's iPhone," and why Google, Apple, and Microsoft resist calls for backdoors. "Though the NSA hasn't confirmed it was hacked, the purported leak of its tools shows that even supposedly secret vulnerabilities can get into the wrong hands.... when flaws the agencies discover pose a threat to the nation's businesses and consumers, they should be forced to help secure systems."
• Science fiction writer Charlie Stross blogged a humorous take on the event, sharing a "Rejection Letter" from Reality Publishing Corporation that argues the plot of his newest thriller -- MS17-010 -- "does not hold up to scrutiny." (A government agency hoards known vulnerabilities about vital infrastructure, then suddenly loses control of them...)
• troublemaker_23 shares ITWire's call for a "public statement of contrition" from Microsoft, which reminds readers that "the ransomware and exploits are just the effects. The vulnerabilities in Windows are the cause."
• There's now a first-person account about the discovery of the kill switch, which insists that registering that domain "was not a whim. My job is to look for ways we can track and potentially stop botnets..."
• Slashdot reader Lauren Weinstein says some antivirus services (and firewalls incorporating their rules) are mistakenly blocking the kill switch's site as a 'bad domain', which allows the malware to continue spreading. "Your systems MUST be able to access the domain above if this malware blocking trigger is to be effective, according to the current reports that I'm receiving!"

First Wave Attack

[mentil]

I, for one, welcome our new Cylon overlords.

Re:First Wave Attack

[__aaclcg7560]

You just need a microwave oven to kill a Cylon.

https://www.youtube.com/watch?v=joUZj4shx80

Re:First Wave Attack

[K.+S.+Kyosuke]

This internecine violence between kitchen appliances is sad to watch.

Re:First Wave Attack

[__aaclcg7560]

This internecine violence between kitchen appliances is sad to watch.

That's why you have to keep the toaster far away from the microwave oven.

Kind for Microsoft to fix their own bugs

[JoeyRox]

They truly are a reborn company.

Re:Kind for Microsoft to fix their own bugs

[E-Rock]

For an ancient unsupported version of their product. Make sure you put that into your narrative.

Re:Kind for Microsoft to fix their own bugs

[athmanb]

Try asking an open source developer for a patch for an application released in 2002 and see how far you get...

Re:Kind for Microsoft to fix their own bugs

[__aaclcg7560]

Hex editor? That worked back in the DOS days.

Re:Kind for Microsoft to fix their own bugs

[present_arms]

Why? The source would be available for anyone with knowledge to patch/fix as the source is open for all to see.. not so with closed source and there lies the problem ;)

Re:Kind for Microsoft to fix their own bugs

[Joce640k]

With all the money they made on XP they should still be issuing security fixes, yes.

Re:Kind for Microsoft to fix their own bugs

[Dunbal]

For an ancient unsupported version of their product. Make sure you put that into your narrative.

Not sure a car manufacturer could get away with "oh but we don't support that car anymore" if it started killing people. One thing is "corporate policy" and another thing is legal liability. Smart move on Microsoft's part, before they get sued.

Re:Kind for Microsoft to fix their own bugs

[__aaclcg7560]

The source would be available for anyone with knowledge to patch/fix as the source is open for all to see.

If you wrote code in 2002 would you still understand the code 15 years later?

Too many times I open up a source file from last week, look at the code, and think: "Who wrote this shit?! Oh, I did. Meh..."

Re: Kind for Microsoft to fix their own bugs

[Dunbal]

How do people circumvent DRM without source code...

Re:Kind for Microsoft to fix their own bugs

[mikael]

Hex-Ray is the modern day equivalent. I remember the days of replacing E6 60 with 90 90 for noisy DOS games.

Re:Kind for Microsoft to fix their own bugs

[E-Rock]

I must have missed where car makers went back and retrofitted cars with airbags and ABS at their own cost.

Sure you can put these on yourself, just like you could add a hardware or software firewall to block inbound SMB. That would have stopped the lateral infection of this worm. No source code needed, just a bit of care and attention.

Re:Kind for Microsoft to fix their own bugs

[JoeyRox]

Microsoft is the source of a bug they've known about for months and is causing thousands of users to have their data held captive but somehow I have a "narrative". Sounds like you're the one with a narrative.

Re:Kind for Microsoft to fix their own bugs

[F.Ultra]

Perhaps time to change your coding (or commenting) style then.

Re:Kind for Microsoft to fix their own bugs

[rtb61]

Hey moron, it is not about support, it is about shit programming and after years and years, still failing to fix it properly. People paid for working software not shit programming that would never be fixed, The law should be fix it or open source it, no right to never fix broken programming. Either M$ finally, finally fixes their shit coding or the open the source when the give up trying, so that other people can fix it.

It is entirely corrupt to think you can just abandon bugs and security failures because you are greedy and apparently incompetent programmers. What a fucking lie, support a special favour, fucker it is bug fixing that in car terminology would earn you lemon status, full refunds and bankruptcy. Fixing shitty broken code is not support that is normal sane warranty requirements. You fuckers at M$ keep working on it until it is finally fixed and working properly or open source the code so more competent people can do it.

Re:Kind for Microsoft to fix their own bugs

[__aaclcg7560]

That you have the second response when you open up code you've written does not surprise [...]

My code changes from week to week. In particular, I was writing unit tests, refactoring code and writing documentation this morning. I couldn't figure if a function acted on a "per page" or "per comment" basis. I kept thinking "per comment" when the code was "per page".

[...] professional engineer [...]

What does this have to do with civil engineering?

Re:Kind for Microsoft to fix their own bugs

[__aaclcg7560]

Perhaps time to change your coding (or commenting) style then.

That's why I was writing unit tests, refactoring code and writing documentation this morning.

Re:Kind for Microsoft to fix their own bugs

[__aaclcg7560]

If your code changes "from week to week" then you are most probably doing a lot wrong.

I'm not aware that there's a "right way" to doing a learning project.

You should stop and think carefully before you hack your next batch of unmaintainable crappy code.

I rarely go back to any of my older learning projects. Usable code I keep in a snippet file for my next learning project.

Incidentally, if your function can be either "per page" or "per comment" then make sure one of the function arguments is clearly named (eg "pages" or "comments") else adjust your function's name to something that makes it clear.

I was confusing the section of code that I was working with a different section of code that I previously worked on. An AC threw a fit a few weeks ago because I was storing HTML data in a CSV and insisted that I use Sqlite instead. After looking into it, I wrote a function to write data to Sqlite. By marking "content id" in the database table as unique, "per comment" came into play. The code I was looking at was "per page" as it requested a web page.

This is such an elementary issue that I suspect you should simply stop writing any more code.

How is one is supposed to learn the dark arts of programming without a CS degree?

Re:Kind for Microsoft to fix their own bugs

[__aaclcg7560]

I have code I wrote in 1990's which is still in active commercial use and it is still good. And I still understand it.

If I find any of my HTML code with the blink tag from the 1990's, I'll be sure to delete it in a hurry.

Re:Kind for Microsoft to fix their own bugs

[F.Ultra]

+1 Top Notch

Re:Kind for Microsoft to fix their own bugs

[thegarbz]

retrofitted cars with airbags and ABS at their own cost.

No one is talking about MS back porting a world of security measures like ALSR into unsupported OSes. That would be the equivalent of retrofitting old cars with ABS. Retrofitting cars with airbags is not the same as fixing a new vulnerability. You know what car companies have done? Recalled cars with faulty airbags and fixed them at cost regardless of the age of the car.

Re:Kind for Microsoft to fix their own bugs

[anonymous+cupboard]

If you wrote code in 2002 would you still understand the code 15 years later?

Weirdly, yes and from 1992. It might take a bit to get back into understanding the environment where it works but usually, I have provided enough annotation to pick it up again quickly, and that includes assembler. It is possibly though because I mostly stayed clear of the very clever stuff and I had enough experience to know that I could be haunted by old code and wrote accordingly.

Re:Next version

[chuckugly]

How is encrypt everything so much different?

Services not running == safe?

[Rick+Schumann]

Am I safe to assume that since I don't have the Server Service or Workstation Service running that I'm safe from this particular exploit?

Re:Services not running == safe?

Several years ago, somebody did a study of the worst types sites on the web, the ones most likely to infect your computer.

Porn wasn't even close to the top.

The absolute worst offender?

Church sites.

What they figured out is that religious people are stupid, believing in a god is only one symptom of that stupidity. They have some moron in the church design their website for free, but the moron doesn't actually know anything about security. So there's unpatched code all over that church site, it gets hacked quickly, and it's distributing malware for years before anybody ever does anything about it.

And their followers are stupid enough to believe in a god, so they're also stupid enough to click on anything on that church site. Boom, whole church is infected.

Re:Services not running == safe?

[athmanb]

Maybe? You should definitely still patch MS17-010 though.

Re:Services not running == safe?

[__aaclcg7560]

The absolute worst offender?

At the enterprise level, I would say money exchange websites. More so if you have an international workforce that travels a lot between job sites.

Church sites.

I'm not surprised. Church people are surprisingly gullible even though the Bible teaches: "Therefore be as shrewd as snakes and as innocent as doves." (Matthew 10:16)

Re:Services not running == safe?

[Rick+Schumann]

Okay.. I don't think you know the difference between 'filesharing' and what I'm talking about.
Open a command prompt and type:
net start
You'll get a list of Windows Services that are running. Most all of you will see "Server" and "Workstation". I have those services set to "Disabled"; they don't show up in that list, they're literally not running at all. So again what I'm asking is: Since those Windows Services are Disabled (i.e. not running) then is there still a problem or not? If you don't know the answer that's okay.

Re:Services not running == safe?

[Rick+Schumann]

I don't trust Microsoft to not slip something else I don't want into the patch.

Re:Services not running == safe?

[jonwil]

Personally I would rather my system be running whatever crap MS has invented (spyware included) than be at risk of being infected with malware.

Re:Services not running == safe?

[digitig]

Tricky for the NHS - it's part of the job of healthcare professionals to look at people's naughty bits.

Re:Services not running == safe?

[__aaclcg7560]

For example, those poor saps that hire creimer ignoring red flags such as his 1000 page resume and furniture breaking heft.

We got our first fat joke for the day. Here's a pic!

https://twitter.com/cdreimer/status/863479397117870080/

Re:Services not running == safe?

[__aaclcg7560]

Fuck man, I can't even.

Cartman is a mess.

Re:Services not running == safe?

Your words are embarrassingly condescending here, but it's true in other venues that scammers are attracted to religious folk due to their gullibility.

Re: Services not running == safe?

[Rick+Schumann]

Oh for fuck's sake.. OF COURSE they're Stopped. There's been dozens, hundreds of reboots since I set them to Disabled. Don't be dumb.

Re:Services not running == safe?

[Rick+Schumann]

TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING

Re:Services not running == safe?

[Rick+Schumann]

I've been trying to get Linux Mint up to speed to replace XP, but I keep running into roadblocks, the most recent of which is it's decided to not accept my password for SUDO operations anymore. Just decided at some point to stop taking it. So far nobody has come up with a solid explanation as to why. Then there's the piece of software I'd like to keep using that needs Java, and you can't get Java installed under WINE to save your own life. Then there's the TiVo software that runs as services under Windows, and that won't work under WINE either. Mainly the SUDO problem is making me want to smash it with a sledgehammer. I'm far from computer-illiterate and I'm having these sorts of problems with Linux; so I see what the real obstacles are to Linux being a competitive replacement for Windows on a large scale; if I'm this frustrated with it already, the average end-user would have given up long ago and just got Windows 10.

Re:Services not running == safe?

[Rick+Schumann]

Since you claim to know what you're talking about: "Server Service" and "Workstation Service" are both STOPPED and DISABLED and have been for a long time now.
Netstat -an | findstr LISTENING returns this:
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
Additionally I'm behind a firewall that has all ports (0 through 65535) invisible on the WAN interface, and of course no SMB-related ports are open regardless.
Now, are you really saying that this can still be infected? Don't just say 'yes', point to PROOF.

Re:Next version

[Aighearach]

If we could just get the users to do that themselves when infected, this problem would eventually go away.

People need to learn to create data backups; not system backups. You don't need to back up your OS+cracks, you just need to back up your actual data and have a way to track service dependencies so that you can install a fresh system, and then connect your data to your services.

There are lots of websites using RubyOnRails and similar technologies that have modern deployment systems that makes that easy. It is sad that so many non-web, traditional applications have fallen behind the webby ones.

While the world burned...

[__aaclcg7560]

At my job we finished phasing out the Windows XP and Windows Server 2003 systems from the network last year, the few Windows 8 tablets we have in test are Windows 8.1, and everything else is up-to-date with the latest patches. While the rest of the world burned, it was a quiet Friday as everyone took off for the weekend..

Re:While the world burned...

[DarkVader]

I had one client this year ask me to work on an XP machine, it wasn't connecting to his network.

I told him that under no circumstances would I do anything with that machine other than help him move the data to another computer so it could be reformatted. I told him we could put Linux or 7 on it, but I would not support XP for him.

He made some nose about really liking that version of AutoCAD that wouldn't run on anything later, so I told him that he could keep using it, but the only thing I would do for him in that case was disable the network completely, he could use sneakernet. I ended up leaving without touching it.

Re:While the world burned...

[__aaclcg7560]

I had one client this year ask me to work on an XP machine, it wasn't connecting to his network.

One time I had a user who finally gave up his Windows 95 desktop after ten years. I popped open the case and found a dust ball that was larger than a grapefruit inside.

Re:While the world burned...

[spongman]

> about really liking that version of AutoCAD
the cracked version he had wouldn't install on windows 7, i bet.

Kind for Microsoft behaviour

[Okian+Warrior]

For an ancient unsupported version of their product. Make sure you put that into your narrative.

Lots of people on the net would support the product, if Microsoft allowed them to.

The fact that it's unsupported is a dodge - in reality, Microsoft comes out with new products and forces people into them in order to make more profit.

And in this instance, the "forced upgrade" policy is causing people to die. it's completely unreasonable for people with expensive equipment running Windows XP to have to repurchase their hardware just because Microsoft wants them to spend another $100 for a new OS.

If the OS is truly obsolete and unsupported, Microsoft should release it into the public domain.

Re:Kind for Microsoft behaviour

[AmiMoJo]

XP isn't unsupported. Microsoft will happily provide patches if you pay them. All that has ended is free support.

You buy proprietary software, you have to accept paying for support as long as you want to keep using it, and paying whatever the vendor demands.

The NHS should require equipment to use free software, or for the vendor to supply security patches for its lifetime.

Windows 7

[jawtheshark]

How about fixing the Windows Update on 7. I have a few Win7 virtual machines, that only have 1 core a 4GB RAM and Windows Update just munches one CPU forever and never finishes. I have let it run for weeks, and it never finishes.

That's why I disabled Windows Update on them, because that situation was untenable. I tried many proposed fixes I found on different fora, but nothing worked.

Granted, they are relatively safe, because these installations only exist to provide me a Windows when I need one (read: next to never) and the rest of the network is Linux and BSD. Being task-oriented with use-cases that don't involve email and random surfing, they are quite a bit safer than your run-of-the-mill Windows 7 that suffer from eternal Windows Update runs.

Re:Windows 7

[__aaclcg7560]

You need two or more cores to run WIndows Update and play Minesweeper at the same time.

Re:Windows 7

Install the June 2016 update. Use the manual download installer, and disconnect from the Internet when you launch it. Reboot, Windows Update now works right.

Re:Windows 7

[jawtheshark]

On any patch level, or do I need to start form a fresh install.

The "disconnect from Interent" is a new factor for me. The July 2016 update promised to fix it, but never did. I must admit, this is going to be very hard for me, because these machine run on Xen hosts and well, I access them using RDP.

Re:Windows 7

[jawtheshark]

Could you have been any less helpful?

Re:Windows 7

The July 2016 should do the trick as well, according to the KBs.
You disable Windows Update (no checking), as you said you already have.
You disconnect from the Internet so the manual installer can not attempt an online scan, which is the slow part.
You need SP1 installed. You need KB3020369 installed, get it manually as well.
Then you install the June or July 2016 rollup. Reboot. Re-enable Windows Update, reconnect to the Internet. Scans should be speedier, especially once you are more up to date.

You also have the option of getting the giant 'SP2' convenience rollup manual installer(KB3125574) which covers most everything from SP1 to early 2016.(except KB3020369 again)

Re:Windows 7

[__aaclcg7560]

Could you have been any less helpful?

WOOOSH!

Re:Windows 7

[jawtheshark]

Yes, these are the things I have read before. I never disconnected from the Internet, and as such it never worked. I'll try it again one of these days. I might be vulnerable, but the risk is very low (and obviously those VMs have no data of any importance)

What is certain, is that many people may have their machines in a state like my VMs. If so, they are vulnerable and can't be patched. Microsoft is very, very at fault for creating a whole fleet of unpatchable 7 machines. It obviously played in their cards, to push the 10 upgrades, but I hold them responsible for this mess.

Re:Windows 7

[robinsonne]

Try installing the optional patch KB3172605. It solved the Win Update running and running for ever problem for me at least.

Re:Windows 7

[jawtheshark]

You can kid all you want, creimer. I did understand your silly joke, but you make a stupid joke, while I address a real problem. Microsoft caused a great many Windows 7 installations to get in this situation: eternal Windows Update cycle. As such, these machines aren't being patched and are all vulnerable. That is something they should have fixed, asap, and pushed though immediately. Of course, they didn't because we all know that badly behaved Windows 7 machines were more likely to get upgraded to 10. Which in itself caused a great many people to disable WIndows Update. Microsoft cultivated this distrust of their Windows Update mechanisms. There are very guilty in this story and they are so mainly because of their greed and arrogance.

Re:Windows 7

[__aaclcg7560]

I did understand your silly joke, but you make a stupid joke, while I address a real problem.

You came to Slashdot looking for advice on a real problem. This will end badly.

As such, these machines aren't being patched and are all vulnerable.

The solution is simple: more hardware. One core isn't going to cut it. You need a minimum of two cores and four cores is preferable. I had no problems running Windows Vista through 10 because I don't use the minimum hardware specs. That's just asking for trouble.

Try deleting or renaming the software distribution folder (works on Win7).
http://www.windowscentral.com/how-clear-softwaredistribution-folder-windows-10

Or back up the data and do a clean install. That fixes the Windows Updater and problems between the keyboard and chair.

There are very guilty in this story and they are so mainly because of their greed and arrogance.

Blaming Microsoft for their "greed and arrogance" never gets old on Slashdot.

Re:Windows 7

[jawtheshark]

I didn't come here for advice. The answers I've seen correspond to what I found. The only new thing would be to disconnect the machines from network while doing the update (which is hard when you your your machines using RDP)

One core and 4GB is not the minimum hardware specs for 7, and even if it were: the security features should work perfectly on minimum system requirements. It's a base OS functionality. For most tasks, one core + 4GB is is more than sufficient. Always has been.

I have a fundamental distrust about people who say "more hardware". Usually, that's exactly the kind of people that you don't take advice from because it's the easy solution. The one that doesn't require thinking. (And guess what: it doesn't always work.... Been there, done that, proved the consultant wrong...) Besides, it seems I have them assigned 2 Cores and 4GB RAM. Is that not enough? That's what you'd get with a Celeron or Pentium class machine. These have no more "oompha" you could give them. Is giving all cores from my E3-1260L going to work? Is that even reasonable?!?

I have done delete Software Distribution. Doesn't work... -

Blaming Microsoft for their "greed and arrogance" never gets old on Slashdot.

That may be, because the truth doesn't get old.

Re:Windows 7

[jawtheshark]

... and for the record..... I did reinstall a couple of times, and les WU do its work.

DIdn't work. How can a plain ISO install fuck up? The only thing I did was, let sit aloe do its thing... It should fix itself, right? Well it doesn't.

I've been managing, installing and maintaining Windows machines for years... I am not the cause.

These VMs can be reinstalled at will though... Data is not stored on VMs. They are only tools in order to live in a Windows world where the occasional task comes where you can't use Linux. Happens once or twice a year. That's why I have them.

Re:Windows 7

[Nkwe]

Actually it has been fixed. While there is a problem with Windows Update getting stuck there are a couple of patches that you can manually apply to get it working again. No, Microsoft can't do that for you because the tool they would use (Windows Update) has the issue itself. Yes, it is a pain to figure out the patches you need and get them applied, but if you do it, it will all be good. For a Win7 64 bit box, try installing KB3138612, KB3020369, KB3172605, and KB3125574. I don't remember the order you need do do these in (you can go read the notes) but the last couple of times I had to resurrect a Win7 machine that was way out of date patch wise, those got it working for me. (And of course, you should get to a more current and supported version of the operating system...)

Re:Windows 7

[__aaclcg7560]

Usually, that's exactly the kind of people that you don't take advice from because it's the easy solution. The one that doesn't require thinking.

Right. That's what all the people with underperforming systems tell me. Meanwhile, I'm working on my cheap Dell laptop with a dual-core processor, 120GB SSD and 8GB RAM, running Chrome, PyCharm and Thunderbird. If the system does slow down from trying too many things at the same time, I just get another Diet Pepsi.

Re:Windows 7

[jawtheshark]

No, Microsoft can't do that for you because the tool they would use (Windows Update) has the issue itself.

Yes, yes,... They could make a single comprehensive patch that fixes it. One download, one fix... Well advertised. Hell, I'm sure they would have a way to do it over WU. If a WU client with a certain version contacts the WU server, you send one patch: the one to fix itself. At that point it can fix itself, and then go on it's merry way. Windows XP had an WU fix that went about that way: it was a patch you needed to do, in order to continue do any other patches.

try installing KB3138612, KB3020369, KB3172605, and KB3125574. I don't remember the order you need do

You do not perceive that as a problem? How is Aunt Annie going to do this? You don't even remember the order... I know I have followed many guides, and it never worked. Never... Followed the exact order. Is it because it's a VM and doesn't get a true full core for it? I have no idea.

And of course, you should get to a more current and supported version of the operating system...

I disagree. I paid for 7, I get 7 until it's officially expired. It should work until that day, which is in 2020.

Windows 10 is a horrible operating system.

Re:Windows 7

[jez9999]

Talking of which am I missing something? That link above had a fix for Windows XP and Windows 8, but not Windows 7. What gives?

Re:Windows 7

[Nkwe]

You do not perceive that as a problem? How is Aunt Annie going to do this? You don't even remember the order... I know I have followed many guides, and it never worked. Never... Followed the exact order. Is it because it's a VM and doesn't get a true full core for it? I have no idea.

Assuming that Aunt Annie is not a technical person she would either hire a professional or rely on help from friends and relatives -- the same thing she would do if her car broke down (also assuming that she isn't a mechanic). I don't remember the order because I don't spend much time on Windows 7. I have moved on to a currently supported operating system. I happened to have the patch files sitting in a a directory on my file server and as a courtesy gave you the KB numbers. If I had to patch a Windows 7 box again, I would just look of the KBs I listed, install the two prerequisites for the speed patch, the speed patch, and then the update roll up. (The four KBs I listed) I don't perceive this as a problem because when Windows 7 was released the expected technical level of someone using a computer was much higher than it is today. I will perceive it as a problem if Windows 10 as a similar update issue 5 years from now as expectations of a computer maintaining itself are much higher. (As a side note, the current expectation of computers "just working" is a big driver of Microsoft forcing patches that we as technical folks can be uncomfortable with.)

I disagree. I paid for 7, I get 7 until it's officially expired. It should work until that day, which is in 2020.

Support (meaning that Microsoft will help individual users with specific issues, e.g. you can call them and get help) is officially expired as of January 13, 2015. The 2020 date is extended support, which means that Microsoft will create security patches, but not necessarily help you install them or help you with other issues.

Re: Windows 7

[__aaclcg7560]

So, when my Dell Precision M6700 with a Core i7-3740QM and 16GB of RAM has problems with a hanging Windows Update I should throw more hardware at it?

The OP had two Win7 VMs with one core and 4GB each. While that meets the minimum hardware requirements for Win7, it's not an optimal configuration. If Windows Update is taking forever to complete in a VM, it might be because the VM lacks the necessary hardware resources.

FWIW, installing a set of updates manually and deleting SoftwareDistributions did the trick.

There's that too.

Re:Windows 7

[ChoGGi]

If you manually install a couple updates before running windows update, it'll fix that issue
https://hardforum.com/threads/...

Re:Windows 7

[Waccoon]

A real fix to this problem would be a single download on their web site, in an obvious location, that patches Windows Update to the latest version. No need to hunt down this stuff yourself. But, that would be too simple given that they don't want you to reinstall Win7, in favor of buying Win10.

Instead, you have to surf their forums to find other people complaining about Windows Update running for days (literally) at 100% CPU usage. MS lackeys suggest you reboot your computer. Forum people argue about what magic combination of KB patches will fix it this time, since it seems to break regularly and you have to hunt to find which KB patches are the latest ones. Denial and user-blaming abounds.

The last time I checked a few months ago, the KB patches required on a fresh reinstall are KB3020369, KB3102810, KB3138612, KB3172605, and WindowsUpdateAgent7.6

Re:Windows 7

[jawtheshark]

Hi Anonymous Coward. I don't know if you're still reading, disconnecting the VM from the Internet (disabled network interface), worked perfectly and I have a well behaved VM again. Amazing. I am positively sure, I did follow the instructions to get it on that patch level (and bar from the convenience upgrade, the pre-requisistes told me every time they were installed), but that seems to have been the little detail that was missing.

Thanks for the the tip.

Equipment Vendors

[networkzombie]

The scan to folder functions on some copiers haven't upgraded their SMB yet, so they cannot save scans to folders without SMBv1. Your choices are get a new copier (or copier with different vendor), enable SMBv1 on the server (bad idea), or use FTP (bad but not as bad idea). I've come across servers that had SMBv1 enabled just for this. One copier vendor wanted major cash to get the latest firmware. WTF? I've had good luck with Toshiba and Xerox. Sharp and Ricoh can kiss my ass. Forums are filled with "techs" advising to enable SMBv1 on the server. Yikes!

Re:Equipment Vendors

[nnull]

Welcome to the real world. People will resort to things like this just to get stuff to work. Unfortunately this is just human nature.

Re: Next version

[Rei]

You have your computer set up to have 24/7 read-write access to your backup system?

Yeah, not a good plan.

oo-er

[Hands+of+Blue]

As much as I like to complain about micro$oft, I'm hard-pressed to fault them for this event, and certainly can't fault their response to it.

I'd say most of the blame lies on the staff and, more so, the policies at the institutions where the event occurred. Government and healthcare orgs are notoriously slow to update mission-critical systems, and while some of this blame can be placed on their reliance on custom software built for old environments or a lack of funds for upgrades, at the end of the day all institutions had been given the same end-of-service deadline, and a majority of them cleared it.

Hospitals are far from the only organisation to rely on frequently-antiquated specialty software and embedded devices, but they are perhaps the most critical example.

Re:oo-er

[Joce640k]

Most of those embedded devices probably can't be upgraded.

This is why Microsoft should be taking more responsibility for them.

Re:oo-er

[F.Ultra]

Hardly, if it's any one who should take more responsibility here it's the vendors of said embedded devices. To even implement such devices on software that they know will be EOLd while still be connected to a network is beyond me.

Re:oo-er

[spongman]

which medical facility uses devices based on (software) components that are unsupported? do they also let the calibration on their dosimeters expire?

no, if your embedded device contains software that EOLs, then THE WHOLE FUCKING DEVICE should EOL on that date. you know that date at the time of purchase - it's no secret.

Re:oo-er

[painandgreed]

Hardly, if it's any one who should take more responsibility here it's the vendors of said embedded devices. To even implement such devices on software that they know will be EOLd while still be connected to a network is beyond me.

Trust me, the vendors have covered their asses with their install/support contract. They probably have an upgrade path, and only require the hospital to buy the new version along with new servers to begin the migration. $10 million isn't unusual for such an upgrade and a single departmental system, which may or may not be only payable out of departmental, capital, or some other budget by either hospital policy or state law. Plus, they're not really EOL'd. MS is still supporting older systems for those with volume licensing that are paying, and hospitals are paying if still running many of these machines.* Still, from my readings of the articles, its not really the clinical systems themselves being hit but all the user computers used to access them.

*Not to say that there aren't completely unsupported examples out there. Where I worked had some Win95 boxes connected by Novel Network (complete with their own network routers on old beige boxes sitting in the network closets) until the department responsible finally replaced the system in the late 2000's. My department's last XP machine was connected to a special purpose film scanner using a horribly old proprietary SCSI card that wouldn't have fit in a newer computer even if we could have found the drivers for it or the scanner. it had one purpose which would be over in another six months and new replacement would have been in excess of $15k just for the hardware and the contract probably would have taken several months to get signed. In the end we let it sit and do its job for a few more months and then pitched it.

Re:oo-er

[F.Ultra]

I'm quite sure that they have covered their asses with contracts. That is not my concern however. My concern is that they decide to build embedded devices running on Windows XP and then leave them connected to a network fully aware that Windows XP will be EOLd in the future (yes you can still shell out enormous amounts of cash to get some small support from Microsoft but that still leave it as practically EOL for most of us anyway).

Nice of Microsoft to release an update for Win 7

Oh wait, they deliberately didn't do that .....

Re:Didn't cripple the UK health system..

[digitig]

It doesn't seem to have affected emergency services either. It's stuff like the appointments system that's (necessarily) connected to the Internet - the actual medical equipment tends not to be (at least, not directly - some equipment seems to be on VPNs to distribute results automatically between departments, and then over the internet from the hospital to the patient's GP or another hospital).

Re:Who asks for a ransom? the bad guys or microsof

[digitig]

And if the update breaks expensive vertical applications, it won't be Microsoft that foots the bill...

Who didnt see this coming

[Kuruk]

Microsoft in there greed to force everyone to Windows 10 turned of patch's on peoples machines. Shit hits the fan.

Re:Next version

[newcastlejon]

How is encrypt everything so much different?

Because no-one is going to pay a ransom after their data has been erased and if they're warned beforehand they can easily pull the disk and retrieve everything. There's no profit to be made in that.

Re:Next version

[chuckugly]

And how does that make us lucky?

Re:Not always true

[spire3661]

What happened there? I got hit with that stupid thing for a while, on a raspberry pi system not connected to the internet that i was using as digital signage.

Re:Not always true

[F.Ultra]

The author of xscreensaver got tired of receiving tons of mails from end users complaining about problems that where already fixed years ago, fixes that various distributions (like Debian) never backported so he put that message in there to vent his anger a bit.

Software non-freedom is not justified.

[jbn-o]

Asking about one's skill with editing old code has nothing to do with the need for treating other people ethically by respecting users' software freedoms. Just because you aren't skilled enough to track what's going on in code from week to week doesn't justify denying users the freedom to run, inspect, share, and modify the code running on their computers. Non-technical users (which probably are in the majority) can either learn programming, hire out the job, get someone they trust to help them gratis, or a combination of these things. But the decision should be up to them to make, just as your learning curve is apparently steep enough for you to review week-old code and think it to be "shit".

Re:Software non-freedom is not justified.

[__aaclcg7560]

Just because you aren't skilled enough to track what's going on in code from week to week [..]

I tend to make a lot of changes in my code from week to week. That it still works as intended is a nice bonus.

[...] doesn't justify denying users the freedom to run, inspect, share, and modify the code running on their computers.

I don't know where this line of reasoning came from.

[...] just as your learning curve is apparently steep enough for you to review week-old code and think it to be "shit".

My harshest critic is myself. If I think what I did last week was shit, than I need to do better this week. I know too many programmers who find it easy to "polish the turd" than to push themselves to the next level.

Custom Support and MS quarterly earnings

[yuhong]

From https://view.officeapps.live.c... : "As expected, Enterprise Services revenue declined 1 percent and was flat in constant currency, due to a lower volume of Windows Server 2003 custom support agreements."
I did not even know that Custom Support has to do with MS quarterly earnings until today! I wonder how much it actually costs for MS.