WannaCry – Microsoft issued emergency patches for Windows XP and Server 2003

Microsoft issued security patches for Windows XP and Server 2003 in response to the WannaCry ransomware attacks.

On Friday, the WannaCry ransomware infected systems at organizations and critical infrastructure across at least 74 countries leveraging NSA exploits, at least 120,000 computers worldwide have been hit in a few hours.

The WannaCry exploits the NSA EternalBlue / DoublePulsar exploits to infect other connected Windows systems on the same network, the malware implements network warm capabilities that allow it to rapidly spread.

“The special criticality of this campaign is caused by exploiting the vulnerability described in bulletin MS17-010 using EternalBlue / DoublePulsar, which can infect other connected Windows systems on the same network that are not properly updated. Infection of a single computer can end up compromising the entire corporate network.” states the security alert issued by the CERT.

On Friday evening, Microsoft promptly issued security patches for Windows XP, Server 2003, and Windows 8, in response to the massive attack.According to the real-time map of the infection, the WannaCry attacks on Friday reached 125,000 systems worldwide.“The ransomware, a variant of WannaCry, infects the machine by encrypting all its files and, using the vulnerability mentioned in the previous paragraph that allows the execution of remote commands through Samba (SMB) and is distributed to other Windows machines in That same network.”The DOUBLEPULSAR backdoor allows attackers to inject and execute malicious code on a target system, it is installed by leveraging the ETERNALBLUE, an SMBv1 (Server Message Block 1.0) exploit that could trigger an RCE in older versions of Windows (Windows XP to Server 2008 R2).Microsoft patched the vulnerability in March, but the security updates were made available only for current platforms and for those clients that have signed a custom support contract. Systems running Windows XP, Windows 8, and Server 2003 were vulnerable to the attack, for this reason Microsoft decided to provide security patches also for these systems.

“Today many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers.” reads the advisory published by Microsoft.” This blog spells out the steps every individual and business should take to stay protected. Additionally, we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today.”

Microsoft released patches for Windows Server 2003 (SP2 x64 / x86); Windows XP (SP2 x64, SP3 x86); Windows XP Embedded (SP3, x86); as well as the 32-bit and 64-bit versions of Windows 8.

Below further details shared by the company.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – WannaCry ransomware, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Next Experts at RedSocks analyzed the massive WannaCry Ransomware attack »

Previous « Experts discovered a kill switch to slow the spreading of the WannaCry ransomware

Published by

Pierluigi Paganini

Tags: critical infrastructureCybercrimeHackingmalwarewannacry ransomware

7 years ago

Cryptocurrencies and cybercrime: A critical intermingling

As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement…

3 mins ago

Data Breach

Kaiser Permanente data breach may have impacted 13.4 million patients

Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals…

24 mins ago

Hacking

Over 1,400 CrushFTP internet-facing servers vulnerable to CVE-2024-4040 bug

Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over…

3 hours ago

Cyber Crime

Sweden’s liquor supply severely impacted by ransomware attack on logistics company

A ransomware attack on a Swedish logistics company Skanlog severely impacted the country's liquor supply. …

5 hours ago

Security

CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog

CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…

16 hours ago

Hacking

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…

22 hours ago

This website uses cookies.