
Education WannaCrypt ransomware

Discussion in 'General' started by Isitari, 13 May 2017.

  1. Isitari

    Isitari Minimodder

    Joined:
    6 May 2009
    Posts:
    411
    Likes Received:
    90
    One of the best articles so far I've read on it with links to the dissected malware to tracking it in real time.
    https://www.theregister.co.uk/2017/05/13/wannacrypt_ransomware_worm/

    One line that particularly stands out: 'A large part of the organisation's systems are still using Windows XP, which is no longer supported by Microsoft, and Health Secretary Jeremy Hunt cancelled a pricey support package in 2015 as a cost-saving measure.'

    Also it seems likely that the NHS was hit as Telefonica (a Spanish company) runs a lot of NHS comms. Telefonica staff were told to go home on Friday, shut down all the computers and not use any Telefonica based comms at all, so therefore it's quite possible it spread from them to the NHS.

    Regards,

    Isitari.

    P.S. I hope our resident Doc is doing alright under the current circumstances.
     
  2. Kernel

    Kernel Likes cheese

    Joined:
    29 Sep 2003
    Posts:
    1,195
    Likes Received:
    47
    I keep seeing the mention of XP being the vector of attack, and while I agree the NHS and government have no excuses to be running massively out of date software that has no support, it's been documented that the vulnerability is present in Vista and onwards.

    edit: Although thinking about it, this may be because there is no update for XP...

    For anyone wanting to check whether they or their systems are safe.

    For people using the following versions of Windows, make sure you have the following patches installed on your machine:

    • Windows Vista and Windows Server 2008 - KB4012598
    • Windows 7 and Windows Server 2008 R2 - KB4012212 (standalone) OR KB4012215 (update rollup)
    • Windows Server 2012 - KB4012214 (standalone) OR KB4012217 (update rollup)
    • Windows 8.1 and Windows Server 2012 R2 - KB4012213 (standalone) OR KB4012216 (update rollup). NOTE: Later security updates may incorporate and replace KB4012216. Haven't done the research on this yet.
    • Windows 10 (you can check your installed version and build by pressing Win-R and running winver)
      • Pre-version 1511 - KB4012606
      • Version 1511 - KB4013198
      • Version 1607 and Windows Server 2016 x64 - KB4013429 (OS build 14393.953). NOTE: If you have any of the following patches installed, you're good: KB4015438 (14393.969), KB4016635 (14393.970), KB4015217 (14393.1083), and KB4019472 (14393.1198). All of these replace KB4013429.
      • Version 1703 already has this update
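
The check described in the post above, automated as an added example (not part of the original post, and not Microsoft's own tooling). The KB numbers and the 14393.953 build are taken from the post; the function name Test-WannaCryptPatch, the version-to-KB mapping by OS version number, and the use of Windows PowerShell 3.0 or later are assumptions of this example.

```powershell
# Added example. KB lists come from the post above; the function name and the
# mapping from OS version / build number to each list entry are assumptions.
function Test-WannaCryptPatch {
    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $ver   = [version]$os.Version
    $build = [int]$os.BuildNumber

    # major.minor -> KBs the post names for pre-Windows 10 systems
    $kbByVersion = @{
        '6.0' = @('KB4012598')                # Vista / Server 2008
        '6.1' = @('KB4012212', 'KB4012215')   # 7 / Server 2008 R2
        '6.2' = @('KB4012214', 'KB4012217')   # Server 2012
        '6.3' = @('KB4012213', 'KB4012216')   # 8.1 / Server 2012 R2
    }
    # Windows 10 build number -> KBs the post names
    $kbByBuild = @{
        10240 = @('KB4012606')                # pre-1511
        10586 = @('KB4013198')                # 1511
        14393 = @('KB4013429', 'KB4015438', 'KB4016635', 'KB4015217', 'KB4019472')
    }

    if ($ver.Major -eq 10) {
        if ($build -ge 15063) { return "Build $build (1703 or later): update already included" }
        if ($build -eq 14393) {
            # UBR is the revision after the dot in "OS build 14393.953"
            $ubr = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR
            if ($ubr -ge 953) { return "OS build 14393.$ubr is at or above 14393.953" }
        }
        $wanted = $kbByBuild[$build]
    } else {
        $wanted = $kbByVersion["$($ver.Major).$($ver.Minor)"]
    }
    if (-not $wanted) { return "OS version $ver is not covered by the list in the post" }

    # Get-HotFix only reports updates registered with the servicing stack
    $found = Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $wanted -contains $_.HotFixID }
    if ($found) { return "Installed: $(($found.HotFixID | Sort-Object -Unique) -join ', ')" }
    return "None of $($wanted -join ', ') found; check for a later rollup that replaces them"
}

Test-WannaCryptPatch
```

A "none found" result is not proof of exposure: as the post notes, later cumulative updates can replace the listed KBs, so compare the installed update history before drawing a conclusion.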
     
  3. Isitari

    Isitari Minimodder

    Joined:
    6 May 2009
    Posts:
    411
    Likes Received:
    90
    Any Windows OS from Vista to 10 is vulnerable if March's patches were not applied.
     
  4. Isitari

    Isitari Minimodder

    Joined:
    6 May 2009
    Posts:
    411
    Likes Received:
    90
    Microsoft have now released a patch for XP even if you didn't pay for the extra (very extra) longterm support.
     
  5. Yadda

    Yadda Minimodder

    Joined:
    25 Jul 2003
    Posts:
    3,217
    Likes Received:
    49
    Last edited: 13 May 2017
  6. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    Can we recoup the costs from the NSA?

    For anyone concerned Microsoft have released an emergency patch today for all versions of Windows from XP onwards.
     
    Last edited: 13 May 2017
  7. Isitari

    Isitari Minimodder

    Joined:
    6 May 2009
    Posts:
    411
    Likes Received:
    90
  8. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    That doesn't surprise me as the bean counters, who normally count their beans via internet connected devices, show XP with a tiny market share so 7 was undoubtedly the largest attack vector, especially as it seems many people have been avoiding updating 7 because of the inclusion of what some people see as unwanted updates.
     
  9. tk421

    tk421 Idiot.

    Joined:
    15 Jan 2002
    Posts:
    2,401
    Likes Received:
    11
    I spent the bulk of last weekend manually patching gold images and recomposing the better part of our VDI farms ... found out about it at 3:45 Friday afternoon ...
     
  10. Anfield

    Anfield Multimodder

    Joined:
    15 Jan 2010
    Posts:
    7,062
    Likes Received:
    970
    http://www.nextpowerup.com/news/36108/vast-majority-of-wannacrypt-victims-have-been-on-windows-7/
     
  11. crazyg1zm0

    crazyg1zm0 Minimodder

    Joined:
    20 Feb 2007
    Posts:
    2,334
    Likes Received:
    55
    Saw something similar last night, seems a bunch of researchers were having a hard time getting it to behave as expected in XP environments. If what I read was correct and I understood the limited info, it would appear that SP3 on XP helped to protect XP machines due to SHA256 being used on it, whereas SP2 doesn't force the use of it.

    Not sure but interesting reading.
     
  12. Xir

    Xir Modder

    Joined:
    26 Apr 2006
    Posts:
    5,412
    Likes Received:
    133
    Yah...I'm contacting every vendor to make sure they okay the XP patch. :rolleyes:
    Most don't know as the machines aren't made anymore.
     
