Posted on Saturday, May 13 2017 @ 11:55 CEST by Thomas De Maesschalck
Despite having reached the end of its life over three years ago, Microsoft just rolled out the MS17-010 patch for Windows XP. Additionally, other unsupported versions of Windows like Windows 8 and Windows Server 2003 also received the patch.
"Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download," Microsoft said in a statement. "This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind."Interestingly, the Wcry outbreak was stopped yesterday evening as a security researcher from MalwareTech discovered a domain name inside the code of the worm. This domain name was not registered so the security researcher decided to register the domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com) to see what would happen.
Researchers believe that Wana Decrypt0r — also referenced online as WCry, WannaCry, WannaCrypt, and WanaCrypt0r — infected over 78,000 computers.
Much to his surprise, he had accidentally stumbled upon a kill switch. The worm makes a pre-infection check to the domain and stops the infection process if the domain exists. Nice job!
I will confess that I was unaware registering the domain would stop the malware until after i registered it, so initially it was accidental.
— MalwareTech (@MalwareTechBlog) 13 mei 2017
However, this is just a temporary fix as by changing a couple of lines of code the attacker can create a new strain of the worm. The only solution is to ensure your system or systems are fully patched.
Full details at Bleeping Computer.
