Microsoft alerts for WannaCry-like exploit, releases Windows patches
Microsoft’s decision to patch older Windows versions suggests the possibility of an exploit on a global scale.
Recently, software giant Microsoft issued an urgent warning to users of older Windows systems to apply an update in order to protect against a potential widespread cyber attack.
The company released a patch for the high-severity vulnerability that affects Remote Desktop Services available in Windows 7, Windows Server 2008 R2, and Windows Server 2008.
The company even ported the bug fix to Windows XP and Windows 2003, two operating systems that are otherwise no longer receiving support updates.
The decision to patch these older Windows versions suggests the possibility of an exploit on a global scale.
“Any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017,” Simon Pope, the director of incident response at the Microsoft Security Response Center, wrote in a statement. “While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”
Microsoft’s decision to invoke WannaCry should speak to just how serious a potential exploit could be. To date, the ransomware attack that terrorized individuals and organizations around the world in May 2017 is one of the worst cyber attacks on record.
The attack, which encrypted files on infected machines and demanded that victims pay a ransom in cryptocurrency in order to regain access to their information, affected more than a million systems across the globe and extracted huge sums from the victims. If Microsoft is raising the specter of that attack, it knows that it has a potentially devastating vulnerability on its hands and needs users to act quickly.
Experts at industrial cybersecurity platform CyberX analyzed traffic from more than 850 operational technology networks and found that 53 percent of industrial sites are still running unsupported versions of Windows.
“The problem stems from the fact that patching computers in industrial control networks is challenging because they often operate 24-7 controlling large-scale physical processes like oil refining and electricity generation,” Phil Neray, VP of Industrial Cybersecurity at CyberX, told Forbes. “For companies that can’t upgrade, we recommend implementing compensating controls such as network segmentation and continuous network monitoring.”
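To make the compensating controls Neray describes concrete, here is an added example (not code from the article, CyberX, or Microsoft): a small Python check that reads constructed flow records and flags Remote Desktop connections reaching hosts that are still unpatched on the Windows versions named above, noting whether the connection crossed out of the industrial segment and whether the host is on one of the out-of-support versions whose fix must be fetched by hand. The inventory, flow log, OT subnet, and the default RDP port (3389) are all assumptions; the article names no patch identifier, so none appears here.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
# Windows versions Microsoft patched for the Remote Desktop Services flaw (from the article).
AFFECTED = {"Windows 7", "Windows Server 2008 R2", "Windows Server 2008",
            "Windows XP", "Windows Server 2003"}
# Those otherwise out of support, where the fix has to be downloaded by hand.
OUT_OF_SUPPORT = {"Windows XP", "Windows Server 2003"}
RDP_PORT = 3389  # default Remote Desktop port (assumption: hosts use the default)
OT_SEGMENT = ip_network("10.1.0.0/24")  # constructed: the segmented industrial network

# Constructed inventory: address -> (Windows version, patch applied?)
INVENTORY = {
    "10.1.0.5": ("Windows 7", False),
    "10.1.0.6": ("Windows Server 2008 R2", True),
    "10.1.0.7": ("Windows XP", False),
    "10.1.0.8": ("Windows 10", True),
}

# Constructed flow records: timestamp, source, destination, destination port, protocol
FLOW_LOG = """\
2019-05-15T10:00:01 10.2.0.20 10.1.0.5 3389 TCP
2019-05-15T10:00:02 10.1.0.6 10.1.0.5 3389 TCP
2019-05-15T10:00:03 10.2.0.21 10.1.0.7 3389 TCP
2019-05-15T10:00:04 10.2.0.22 10.1.0.6 3389 TCP
2019-05-15T10:00:05 10.2.0.20 10.1.0.5 445 TCP
"""

@dataclass(frozen=True)
class Finding:
    host: str
    version: str
    source: str
    cross_segment: bool  # connection came from outside the OT segment
    manual_patch: bool   # out-of-support version: update is a manual download

def rdp_exposure(inventory, flow_log):
    """One Finding per RDP flow that reaches an unpatched host on an affected version."""
    findings = []
    for line in flow_log.splitlines():
        _ts, src, dst, port, _proto = line.split()
        version, patched = inventory.get(dst, ("unknown", True))  # unknown hosts are skipped
        if int(port) != RDP_PORT or patched or version not in AFFECTED:
            continue
        findings.append(Finding(dst, version, src, ip_address(src) not in OT_SEGMENT,
                                version in OUT_OF_SUPPORT))
    return findings

def unsupported_share(inventory):
    """Share of inventoried hosts still on out-of-support Windows (the CyberX-style figure)."""
    return sum(v in OUT_OF_SUPPORT for v, _ in inventory.values()) / len(inventory)
```

On the constructed data this yields three findings (two against the Windows 7 host, one of them from inside the segment, and one cross-segment connection to the Windows XP host, which needs the manual download), and a 25 percent out-of-support share.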
Even with automatic updates available, many people—including security experts—just cannot stay on top of security patches. A 2015 survey by Google found that more than one in three security professionals don’t keep their systems up to date. Only 64 percent of security experts update their software automatically or as soon as a new patch is made available. For the general public, that number drops to just 38 percent. Meanwhile, people are more than happy to come up with excuses to turn off automatic updates.
Automatic updating isn’t even an option with the latest Windows vulnerability when it comes to older, out-of-date operating systems. To install the necessary patch, Windows XP users will have to manually download the update from Microsoft. They at least have more public advance notice this time, as the WannaCry patch was released to relatively little fanfare. The possibility of a sequel to that attack might be enough to scare people and companies straight into installing the necessary update.