In an unexpected move, Microsoft has acted to release a security patch for several of its unsupported operating systems. The patch being released acts to prevent the 'WannaCrypt' exploit that plagued countries across the world this week by disrupting health services, utility companies and more.
Phillip Misner, the Prinicipal Security Manager for the Microsoft Security Response Center, a group tasked with delivering timely security fixes and setting the priority of exploits, took to the TechNet blog to explain the company's stance on the issue and the steps it has taken.
- In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.
- For customers using Windows Defender, we released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt. As an additional “defense-in-depth” measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider, that they are protected.
- This attack type may evolve over time, so any additional defense-in-depth strategies will provide additional protections. (For example, to further protect against SMBv1 attacks, customers should consider blocking legacy protocols on their networks).
Misner also noted that Microsoft "worked throughout the day" to understand the attack, and was assisting their customers in dealing with the issue.
As a result, Microsoft has released a security patch for the following operating systems:
- Windows Server 2003 SP2 x64
- Windows Server 2003 SP2 x86
- Windows XP SP2 x64
- Windows XP SP3 x86
- Windows XP Embedded SP3 x86
- Windows 8 x86
- Windows 8 x64
It's also important to note that, more recent operating systems, such as Windows 8.1 and Windows 10, already have patches available since March.