As World Reacts To WanaDecrypt0r, Microsoft Issues Patch For Old Windows Systems

An anonymous reader quotes the AP: Teams of technicians worked "round the clock" Saturday to restore hospital computer systems in Britain and check bank or transport services in other nations after a global cyberattack hit dozens of countries and crippled the U.K.'s health system. The worldwide attack was so unprecedented that Microsoft quickly changed its policy and announced that it will make security fixes available for free for older Windows systems, which are still used by millions of individuals and smaller businesses. [Windows XP, Windows 8, and Windows Server 2003]
An anonymous reader writes: The patches are available for download from here. Microsoft also advises companies and users to disable the Windows Server Message Block version 1 protocol, as it's an old and outdated protocol, already superseded by newer versions, such as SMBv2 and SMBv3... Microsoft had released a fix for that exploit a month before, in March, in security bulletin MS17-010 [which] included fixes for Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016.
Below the fold are more stories about the WanaDecrypt0r ransomware.

• The Los Angeles Times says the attack "shows why Apple refused to hack terrorist's iPhone," and why Google, Apple, and Microsoft resist calls for backdoors. "Though the NSA hasn't confirmed it was hacked, the purported leak of its tools shows that even supposedly secret vulnerabilities can get into the wrong hands.... when flaws the agencies discover pose a threat to the nation's businesses and consumers, they should be forced to help secure systems."
• Science fiction writer Charlie Stross blogged a humorous take on the event, sharing a "Rejection Letter" from Reality Publishing Corporation that argues the plot of his newest thriller -- MS17-010 -- "does not hold up to scrutiny." (A government agency hoards known vulnerabilities about vital infrastructure, then suddenly loses control of them...)
• troublemaker_23 shares ITWire's call for a "public statement of contrition" from Microsoft, which reminds readers that "the ransomware and exploits are just the effects. The vulnerabilities in Windows are the cause."
• There's now a first-person account about the discovery of the kill switch, which insists that registering that domain "was not a whim. My job is to look for ways we can track and potentially stop botnets..."
• Slashdot reader Lauren Weinstein says some antivirus services (and firewalls incorporating their rules) are mistakenly blocking the kill switch's site as a 'bad domain', which allows the malware to continue spreading. "Your systems MUST be able to access the domain above if this malware blocking trigger is to be effective, according to the current reports that I'm receiving!"

Kind for Microsoft behaviour

[Okian+Warrior]

For an ancient unsupported version of their product. Make sure you put that into your narrative.

Lots of people on the net would support the product, if Microsoft allowed them to.

The fact that it's unsupported is a dodge - in reality, Microsoft comes out with new products and forces people into them in order to make more profit.

And in this instance, the "forced upgrade" policy is causing people to die. it's completely unreasonable for people with expensive equipment running Windows XP to have to repurchase their hardware just because Microsoft wants them to spend another $100 for a new OS.

If the OS is truly obsolete and unsupported, Microsoft should release it into the public domain.

Re:Kind for Microsoft behaviour

[AmiMoJo]

XP isn't unsupported. Microsoft will happily provide patches if you pay them. All that has ended is free support.

You buy proprietary software, you have to accept paying for support as long as you want to keep using it, and paying whatever the vendor demands.

The NHS should require equipment to use free software, or for the vendor to supply security patches for its lifetime.

Re:Kind for Microsoft to fix their own bugs

[__aaclcg7560]

The source would be available for anyone with knowledge to patch/fix as the source is open for all to see.

If you wrote code in 2002 would you still understand the code 15 years later?

Too many times I open up a source file from last week, look at the code, and think: "Who wrote this shit?! Oh, I did. Meh..."

Re:Windows 7

[Nkwe]

Actually it has been fixed. While there is a problem with Windows Update getting stuck there are a couple of patches that you can manually apply to get it working again. No, Microsoft can't do that for you because the tool they would use (Windows Update) has the issue itself. Yes, it is a pain to figure out the patches you need and get them applied, but if you do it, it will all be good. For a Win7 64 bit box, try installing KB3138612, KB3020369, KB3172605, and KB3125574. I don't remember the order you need do do these in (you can go read the notes) but the last couple of times I had to resurrect a Win7 machine that was way out of date patch wise, those got it working for me. (And of course, you should get to a more current and supported version of the operating system...)

Re:oo-er

[F.Ultra]

Hardly, if it's any one who should take more responsibility here it's the vendors of said embedded devices. To even implement such devices on software that they know will be EOLd while still be connected to a network is beyond me.