Emergency update for XP from Microsoft

In order to protect XP users from the vulnerability which led to the worldwide ransomware attack yesterday, Microsoft has created a patch for download for XP machines.

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

Other OS's that haven't yet done their Windows Updates should do so NOW!! The patch for this was in March Windows Updates.

We also know that some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download (see links below).

Thanks, Hazelnut. Got it. . . . Update for xp, wow.

Thanks Hazelnut, that information has been shared.

Bit of a surprise move with the XP update.

There again knowing these big organisations, like the NHS, the IT department will want to 'evaluate' it for a couple of months before installing it on anyone's machine.

It is the main reason that these big organisations are always the ones that get hit, they take months to apply security updates.

It's the same with Windows 10, only one version can block automatic security updates-

Windows 10 Enterprise, only used by the big organisations.

Apparently 90% of the NHS is still on XP. They have that version which, for a price, Microsoft supplied updates for.

Problem is, as far as I can gather, the Government stopped paying for the updates after 2014.

“NHS trusts have been running thousands of outdated and unsupported Windows XP machines despite the government ending its annual £5.5m deal with Microsoft, which provided ongoing security support for Windows XP, in May 2015,”

https://www.theguardian.com/society/2017/may/13/jeremy-hunt-ignored-warning-signs-before-cyber-attack-hit-nhs

Everyone should fully update their machines as soon as possible no matter what operating system they use.

(The XP patch is small, easy to install, needs a reboot and doesn't change any system settings such as turning win updates back on)

Yes, last night I was talking to a friend who is a medical secretary at the local hospital.

She got a BSOD at about 11:30 yesterday morning, and was sent home at lunchtime.

Her XP machine is due to get updated (in six months or so) - to Windows 7 which will be out of support again in a couple of years.

OK it will cost a lot to get the whole NHS up to date, but maybe the cost of the work they'll have to do this weekend would have paid for a lot of it.

Will see her again tonight, it'll be interesting to see what she did at work today. LOL.

nice to have this 672 kb :-) thanks

and for vista x86 slim 1,2 mb too :)

- Well, and the NHS is "swimming in the money", right ?? Seems they don't have the money to switch to a newer OS.

- Yes, I have updated my Win 7 system with that March update and I don't open suspect emails. So, I should be fine.

- But Vista was already covered in the March 2017 patch up update. Because support for Vista was dropped after April of 2017.

- Win 8 (NOT Win 8.1 !!!) wasn't covered as well.

My info came from this article:

https://www.bleepingcomputer.com/news/security/microsoft-releases-patch-for-older-windows-versions-to-protect-against-wana-decrypt0r/

- "Bleeping Computer" also had this article on how to disable the ransom-ware:

https://www.bleepingcomputer.com/news/security/wana-decrypt0r-ransomware-outbreak-temporarily-stopped-by-accidental-hero-/

. . .

Everyone should fully update their machines as soon as possible no matter what operating system they use.

(The XP patch is small, easy to install, needs a reboot and doesn't change any system settings such as turning win updates back on)

Good advice, thank you. Did so here on xp. First made an image backup & a registry backup. The patch was quick & easy like you said.

One thing I was worried about was Powershadow, since it makes some changes deep in the boot sector on xp, but it is still working just fine.

I saved those updates on a USB stick for easy transportation.

On Windows XP the update replaces the following files with new versions:

C:\WINDOWS\system32\xpsp4res.dll

C:\WINDOWS\system32\DllCache\srv.sys

C:\WINDOWS\system32\DRIVERS\srv.sys

- Microsoft is not "too happy" with the NSA's action/neglect regarding this vulnerability in the Windows OS.

https://mishtalk.com/2017/05/14/microsoft-blasts-nsa-cia-for-stockpiling-vulnerabilities-criminal-negligence-by-nsa/

https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/#sm.00001qetxt6r5scz1teqfe8tvxalo

- Didn't MS know that there are large organisations (like the NHS) that are still using the XP OS ?

Didn't MS know that there are large organisations (like the NHS) that are still using the XP OS ?

Yes they knew, and have been warning them for years that XP was no longer secure.

The NHS / UK Government (and plenty of others) chose to ignore the warnings, with inevitable results.

You can't expect MS to keep supporting an outdated product, for free, just because someone refuses to get a newer product.

(There is probably some government bigwig sat in a comfy office saying right now- "We don't need to do anything, MS provided a free patch so we are safe now").

I don't understand why a government would even use Windows (especially Win10 with its built-in keylogging). One would think they'd use Linux to eliminate a lot of malware issues, etc., then they could periodically scan with something like ClamAV just to be safe.

Two years ago the DWP were advertising jobs for 'retired' programmers to help keep their 1970's Fortran and Cobol routines 'up to date'.

They were also looking for people with Primos and Unix experience.

Guess those systems are pretty safe from today's teenage hackers who've probably never heard of Primos.

- Microsoft is not "too happy" with the NSA's action/neglect regarding this vulnerability in the Windows OS.

. . .

A bit different slant on the situation.

https://www.theregister.co.uk/2017/05/16/microsoft_stockpiling_flaws_too/

It didn't take the photoshoppers long.

https://www.bleepingcomputer.com/news/security/people-are-photoshopping-wannacry-ransom-notes-on-everything-with-a-screen/

Ransomware on a washing machine. Gonna be some dirty clothes!

Thanks hazel.

Really appreciated. :)