Sunday, May 14, 2017

WannaCry – Microsoft issued emergency patches for Windows XP and Server 2003

On Friday, the WannaCry ransomware infected systems at organizations and critical infrastructure across at least 74 countries leveraging NSA exploits, at least 120,000 computers worldwide have been hit in a few hours.
The WannaCry exploits the NSA EternalBlue DoublePulsar exploits to infect other connected Windows systems on the same network, the malware implements network warm capabilities that allow it to rapidly spread.
“The special criticality of this campaign is caused by exploiting the vulnerability described in bulletin MS17-010 using EternalBlue DoublePulsar, which can infect other connected Windows systems on the same network that are not properly updated. Infection of a single computer can end up compromising the entire corporate network.” states the security alert issued by the CERT.
On Friday evening, Microsoft promptly issued security patches for Windows XP, Server 2003, and Windows 8, in response to the massive attack.According to the real-time map of the infection, the WannaCry attacks on Friday reached 125,000 systems worldwide.“The ransomware, a variant of WannaCry, infects the machine by encrypting all its files and, using the vulnerability mentioned in the previous paragraph that allows the execution of remote commands through Samba (SMB) and is distributed to other Windows machines in That same network.”
The DOUBLEPULSAR backdoor allows attackers to inject and execute malicious code on a target system, it is installed by leveraging the ETERNALBLUE, an SMBv1 (Server Message Block 1.0) exploit that could trigger an RCE in older versions of Windows (Windows XP to Server 2008 R2).
Microsoft patched the vulnerability in March, but the security updates were made available only for current platforms and for those clients that have signed a custom support contract. Systems running Windows XP, Windows 8, and Server 2003 were vulnerable to the attack, for this reason Microsoft decided to provide security patches also for these systems.
“Today many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers.” reads the advisory published by Microsoft.” This blog spells out the steps every individual and business should take to stay protected. Additionally, we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today.”
Microsoft released patches for Windows Server 2003 (SP2 x64 / x86); Windows XP (SP2 x64, SP3 x86); Windows XP Embedded (SP3, x86); as well as the 32-bit and 64-bit versions of Windows 8.
Below further details shared by the company.

1 comment:

  1. freelancing meaning


    Thanks for sharing article nice one..waiting for next one keep it up

    ReplyDelete