In action designed to curtail the WannaCry malware, Microsoft has embedded into its most recent Patch Tuesday — its regular security patch release — code to address the tough cyber crime software.
Also known as WannaCrypt and WanaCrypt0r 2.0, the ransomware has spread quickly since its May 2017 release. It is active in over 100 countries and as many as 75,000 computers. Once infected, computers are “locked” by data being encrypted, with a ransom message demanding $300 to subsequently decrypt the data. The cyber attack did particular damage in the United Kingdom, getting into the National Health Service system and forcing some hospitals to temporarily restrict services.
In an unusual move, the release includes a patch for the older Windows XP operating system, which Microsoft stopped supporting in April of 2014. A press release highlights the potency of WannaCry by stating that Microsoft recognizes “the elevated risk for destructive cyber attacks at this time.”
The general manager of the Cyber Defense Operations Center at Microsoft, Adrienne Hall, referenced providing additional security updates with the Update Tuesday release due to the current elevated risk posed by cyber attacks that are backed by government organizations, known as nation-state actors, or other copycat organizations.
Via either Microsoft’s Download Center or Windows Update, the update will protect computers running Windows XP, Windows Vista, and any other recent — unsupported or supported — versions of Windows. The unusual step to support older versions of Windows was based on “an assessment of the current threat landscape by our security engineers” according to a Microsoft press release.
It is strongly advised that the patches be used as soon as possible. Computers running Windows 10 or Windows 8.1 with automatic updates enabled have already had the patch incorporated into their system.