Slashdot Mirror


As World Reacts To WanaDecrypt0r, Microsoft Issues Patch For Old Windows Systems (bleepingcomputer.com)

An anonymous reader quotes the AP: Teams of technicians worked "round the clock" Saturday to restore hospital computer systems in Britain and check bank or transport services in other nations after a global cyberattack hit dozens of countries and crippled the U.K.'s health system. The worldwide attack was so unprecedented that Microsoft quickly changed its policy and announced that it will make security fixes available for free for older Windows systems, which are still used by millions of individuals and smaller businesses. [Windows XP, Windows 8, and Windows Server 2003]
An anonymous reader writes: The patches are available for download from here. Microsoft also advises companies and users to disable the Windows Server Message Block version 1 protocol, as it's an old and outdated protocol, already superseded by newer versions, such as SMBv2 and SMBv3... Microsoft had released a fix for that exploit a month before, in March, in security bulletin MS17-010 [which] included fixes for Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016.
Below the fold are more stories about the WanaDecrypt0r ransomware.
  • The Los Angeles Times says the attack "shows why Apple refused to hack terrorist's iPhone," and why Google, Apple, and Microsoft resist calls for backdoors. "Though the NSA hasn't confirmed it was hacked, the purported leak of its tools shows that even supposedly secret vulnerabilities can get into the wrong hands.... when flaws the agencies discover pose a threat to the nation's businesses and consumers, they should be forced to help secure systems."
  • Science fiction writer Charlie Stross blogged a humorous take on the event, sharing a "Rejection Letter" from Reality Publishing Corporation that argues the plot of his newest thriller -- MS17-010 -- "does not hold up to scrutiny." (A government agency hoards known vulnerabilities about vital infrastructure, then suddenly loses control of them...)
  • troublemaker_23 shares ITWire's call for a "public statement of contrition" from Microsoft, which reminds readers that "the ransomware and exploits are just the effects. The vulnerabilities in Windows are the cause."
  • There's now a first-person account about the discovery of the kill switch, which insists that registering that domain "was not a whim. My job is to look for ways we can track and potentially stop botnets..."
  • Slashdot reader Lauren Weinstein says some antivirus services (and firewalls incorporating their rules) are mistakenly blocking the kill switch's site as a 'bad domain', which allows the malware to continue spreading. "Your systems MUST be able to access the domain above if this malware blocking trigger is to be effective, according to the current reports that I'm receiving!"
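
Added example, not part of the original story or of any comment: a PowerShell sketch of the "disable SMBv1" advice above that reports whether the SMBv1 server and client are enabled on the local host and, only when asked, turns them off. The `-Disable` switch and the function names are hypothetical; the script assumes an elevated prompt, and registry and driver changes take effect after a reboot.

```powershell
# Added example: audit, and optionally disable, SMBv1 on the local host.
# -Disable is this script's own (hypothetical) switch; without it nothing changes.
param([switch]$Disable)

$lanman   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$mrxsmb10 = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'
$hasSmbCmdlets = [bool](Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue)

function Get-Smb1State {
    $state = [ordered]@{ Computer = $env:COMPUTERNAME; Server = 'unknown'; Client = 'unknown' }
    if ($hasSmbCmdlets) {
        # Windows 8 / Server 2012 and later: ask the SMB server directly.
        $on = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Older systems: SMB1 registry value; a missing value means the default (enabled).
        $v  = (Get-ItemProperty -Path $lanman -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $on = ($null -eq $v) -or ($v -ne 0)
    }
    $state.Server = if ($on) { 'enabled' } else { 'disabled' }

    # Client side: the mrxsmb10 driver. Start = 4 means the driver is disabled.
    $start = (Get-ItemProperty -Path $mrxsmb10 -Name Start -ErrorAction SilentlyContinue).Start
    $state.Client = if ($null -eq $start) { 'not installed' }
                    elseif ($start -eq 4) { 'disabled' } else { 'enabled' }
    [pscustomobject]$state
}

function Disable-Smb1 {
    if ($hasSmbCmdlets) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path $lanman -Name SMB1 -Type DWord -Value 0
    }
    if (Test-Path $mrxsmb10) {
        # Drop the workstation service's dependency on the SMBv1 driver,
        # then disable the driver itself.
        sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
        sc.exe config mrxsmb10 start= disabled | Out-Null
    }
}

Get-Smb1State
if ($Disable) {
    Disable-Smb1
    Get-Smb1State   # state after the change; a reboot may still be pending
}
```

Run it without arguments first across a fleet to find hosts that still answer SMBv1, such as file servers kept on it for older scan-to-folder devices, before changing anything.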

  1. Kind for Microsoft to fix their own bugs by JoeyRox · · Score: 2, Funny

    They truly are a reborn company.

    1. Re:Kind for Microsoft to fix their own bugs by E-Rock · · Score: 2

      For an ancient unsupported version of their product. Make sure you put that into your narrative.

    2. Re:Kind for Microsoft to fix their own bugs by __aaclcg7560 · · Score: 4, Insightful

      The source would be available for anyone with knowledge to patch/fix as the source is open for all to see.

      If you wrote code in 2002 would you still understand the code 15 years later?

      Too many times I open up a source file from last week, look at the code, and think: "Who wrote this shit?! Oh, I did. Meh..."

    3. Re:Kind for Microsoft to fix their own bugs by E-Rock · · Score: 3, Interesting

      I must have missed where car makers went back and retrofitted cars with airbags and ABS at their own cost.

      Sure you can put these on yourself, just like you could add a hardware or software firewall to block inbound SMB. That would have stopped the lateral infection of this worm. No source code needed, just a bit of care and attention.

  2. Services not running == safe? by Rick+Schumann · · Score: 2

    Am I safe to assume that since I don't have the Server Service or Workstation Service running that I'm safe from this particular exploit?

    1. Re:Services not running == safe? by Anonymous Coward · · Score: 3, Insightful

      Several years ago, somebody did a study of the worst types of sites on the web, the ones most likely to infect your computer.

      Porn wasn't even close to the top.

      The absolute worst offender?

      Church sites.

      What they figured out is that religious people are stupid, believing in a god is only one symptom of that stupidity. They have some moron in the church design their website for free, but the moron doesn't actually know anything about security. So there's unpatched code all over that church site, it gets hacked quickly, and it's distributing malware for years before anybody ever does anything about it.

      And their followers are stupid enough to believe in a god, so they're also stupid enough to click on anything on that church site. Boom, whole church is infected.

  3. While the world burned... by __aaclcg7560 · · Score: 3, Insightful

    At my job we finished phasing out the Windows XP and Windows Server 2003 systems from the network last year, the few Windows 8 tablets we have in test are Windows 8.1, and everything else is up-to-date with the latest patches. While the rest of the world burned, it was a quiet Friday as everyone took off for the weekend.

    1. Re:While the world burned... by DarkVader · · Score: 2

      I had one client this year ask me to work on an XP machine, it wasn't connecting to his network.

      I told him that under no circumstances would I do anything with that machine other than help him move the data to another computer so it could be reformatted. I told him we could put Linux or 7 on it, but I would not support XP for him.

      He made some noise about really liking that version of AutoCAD that wouldn't run on anything later, so I told him that he could keep using it, but the only thing I would do for him in that case was disable the network completely, he could use sneakernet. I ended up leaving without touching it.

  4. Kind for Microsoft behaviour by Okian+Warrior · · Score: 4, Insightful

    For an ancient unsupported version of their product. Make sure you put that into your narrative.

    Lots of people on the net would support the product, if Microsoft allowed them to.

    The fact that it's unsupported is a dodge - in reality, Microsoft comes out with new products and forces people into them in order to make more profit.

    And in this instance, the "forced upgrade" policy is causing people to die. It's completely unreasonable for people with expensive equipment running Windows XP to have to repurchase their hardware just because Microsoft wants them to spend another $100 for a new OS.

    If the OS is truly obsolete and unsupported, Microsoft should release it into the public domain.

    1. Re:Kind for Microsoft behaviour by AmiMoJo · · Score: 4, Insightful

      XP isn't unsupported. Microsoft will happily provide patches if you pay them. All that has ended is free support.

      You buy proprietary software, you have to accept paying for support as long as you want to keep using it, and paying whatever the vendor demands.

      The NHS should require equipment to use free software, or for the vendor to supply security patches for its lifetime.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  5. Windows 7 by jawtheshark · · Score: 2
    How about fixing the Windows Update on 7. I have a few Win7 virtual machines, that only have 1 core and 4GB RAM and Windows Update just munches one CPU forever and never finishes. I have let it run for weeks, and it never finishes.

    That's why I disabled Windows Update on them, because that situation was untenable. I tried many proposed fixes I found on different fora, but nothing worked.

    Granted, they are relatively safe, because these installations only exist to provide me a Windows when I need one (read: next to never) and the rest of the network is Linux and BSD. Being task-oriented with use-cases that don't involve email and random surfing, they are quite a bit safer than your run-of-the-mill Windows 7 that suffer from eternal Windows Update runs.

    --
    Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
    1. Re:Windows 7 by jawtheshark · · Score: 2
      Yes, these are the things I have read before. I never disconnected from the Internet, and as such it never worked. I'll try it again one of these days. I might be vulnerable, but the risk is very low (and obviously those VMs have no data of any importance)

      What is certain, is that many people may have their machines in a state like my VMs. If so, they are vulnerable and can't be patched. Microsoft is very, very at fault for creating a whole fleet of unpatchable 7 machines. It obviously played in their cards, to push the 10 upgrades, but I hold them responsible for this mess.

      --
      Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
    2. Re:Windows 7 by jawtheshark · · Score: 2
      I didn't come here for advice. The answers I've seen correspond to what I found. The only new thing would be to disconnect the machines from network while doing the update (which is hard when you use your machines using RDP)

      One core and 4GB is not the minimum hardware specs for 7, and even if it were: the security features should work perfectly on minimum system requirements. It's a base OS functionality. For most tasks, one core + 4GB is more than sufficient. Always has been.

      I have a fundamental distrust about people who say "more hardware". Usually, that's exactly the kind of people that you don't take advice from because it's the easy solution. The one that doesn't require thinking. (And guess what: it doesn't always work.... Been there, done that, proved the consultant wrong...) Besides, it seems I have them assigned 2 Cores and 4GB RAM. Is that not enough? That's what you'd get with a Celeron or Pentium class machine. These have no more "oompha" you could give them. Is giving all cores from my E3-1260L going to work? Is that even reasonable?!?

      I have deleted Software Distribution. Doesn't work...

      Blaming Microsoft for their "greed and arrogance" never gets old on Slashdot.

      That may be, because the truth doesn't get old.

      --
      Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
    3. Re:Windows 7 by Nkwe · · Score: 4, Informative

      Actually it has been fixed. While there is a problem with Windows Update getting stuck there are a couple of patches that you can manually apply to get it working again. No, Microsoft can't do that for you because the tool they would use (Windows Update) has the issue itself. Yes, it is a pain to figure out the patches you need and get them applied, but if you do it, it will all be good. For a Win7 64 bit box, try installing KB3138612, KB3020369, KB3172605, and KB3125574. I don't remember the order you need to do these in (you can go read the notes) but the last couple of times I had to resurrect a Win7 machine that was way out of date patch wise, those got it working for me. (And of course, you should get to a more current and supported version of the operating system...)

  6. Re:First Wave Attack by K.+S.+Kyosuke · · Score: 3, Funny

    This internecine violence between kitchen appliances is sad to watch.

    --
    Ezekiel 23:20
  7. Equipment Vendors by networkzombie · · Score: 2

    The scan to folder functions on some copiers haven't upgraded their SMB yet, so they cannot save scans to folders without SMBv1. Your choices are get a new copier (or copier with different vendor), enable SMBv1 on the server (bad idea), or use FTP (bad but not as bad idea). I've come across servers that had SMBv1 enabled just for this. One copier vendor wanted major cash to get the latest firmware. WTF? I've had good luck with Toshiba and Xerox. Sharp and Ricoh can kiss my ass. Forums are filled with "techs" advising to enable SMBv1 on the server. Yikes!

    1. Re:Equipment Vendors by nnull · · Score: 3, Funny

      Welcome to the real world. People will resort to things like this just to get stuff to work. Unfortunately this is just human nature.

  8. Re:First Wave Attack by __aaclcg7560 · · Score: 2

    This internecine violence between kitchen appliances is sad to watch.

    That's why you have to keep the toaster far away from the microwave oven.

  9. Re: Next version by Rei · · Score: 2

    You have your computer set up to have 24/7 read-write access to your backup system?

    Yeah, not a good plan.

    --
    FSB hits! FSB hits! Your democracy dies. Do you want your possessions identified?
  10. oo-er by Hands+of+Blue · · Score: 3, Insightful

    As much as I like to complain about micro$oft, I'm hard-pressed to fault them for this event, and certainly can't fault their response to it.

    I'd say most of the blame lies on the staff and, more so, the policies at the institutions where the event occurred. Government and healthcare orgs are notoriously slow to update mission-critical systems, and while some of this blame can be placed on their reliance on custom software built for old environments or a lack of funds for upgrades, at the end of the day all institutions had been given the same end-of-service deadline, and a majority of them cleared it.

    Hospitals are far from the only organisation to rely on frequently-antiquated specialty software and embedded devices, but they are perhaps the most critical example.

    1. Re:oo-er by Joce640k · · Score: 3, Interesting

      Most of those embedded devices probably can't be upgraded.

      This is why Microsoft should be taking more responsibility for them.

      --
      No sig today...
    2. Re:oo-er by F.Ultra · · Score: 4, Insightful

      Hardly, if it's anyone who should take more responsibility here it's the vendors of said embedded devices. To even implement such devices on software that they know will be EOLd while still being connected to a network is beyond me.