Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Microsoft Security Bug Government

As World Reacts To WanaDecrypt0r, Microsoft Issues Patch For Old Windows Systems (bleepingcomputer.com) 150

An anonymous reader quotes the AP: Teams of technicians worked "round the clock" Saturday to restore hospital computer systems in Britain and check bank or transport services in other nations after a global cyberattack hit dozens of countries and crippled the U.K.'s health system. The worldwide attack was so unprecedented that Microsoft quickly changed its policy and announced that it will make security fixes available for free for older Windows systems, which are still used by millions of individuals and smaller businesses. [Windows XP, Windows 8, and Windows Server 2003]
An anonymous reader writes: The patches are available for download from here. Microsoft also advises companies and users to disable the Windows Server Message Block version 1 protocol, as it's an old and outdated protocol, already superseded by newer versions, such as SMBv2 and SMBv3... Microsoft had released a fix for that exploit a month before, in March, in security bulletin MS17-010 [which] included fixes for Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016.
Below the fold are more stories about the WanaDecrypt0r ransomware.
  • The Los Angeles Times says the attack "shows why Apple refused to hack terrorist's iPhone," and why Google, Apple, and Microsoft resist calls for backdoors. "Though the NSA hasn't confirmed it was hacked, the purported leak of its tools shows that even supposedly secret vulnerabilities can get into the wrong hands.... when flaws the agencies discover pose a threat to the nation's businesses and consumers, they should be forced to help secure systems."
  • Science fiction writer Charlie Stross blogged a humorous take on the event, sharing a "Rejection Letter" from Reality Publishing Corporation that argues the plot of his newest thriller -- MS17-010 -- "does not hold up to scrutiny." (A government agency hoards known vulnerabilities about vital infrastructure, then suddenly loses control of them...)
  • troublemaker_23 shares ITWire's call for a "public statement of contrition" from Microsoft, which reminds readers that "the ransomware and exploits are just the effects. The vulnerabilities in Windows are the cause."
  • There's now a first-person account about the discovery of the kill switch, which insists that registering that domain "was not a whim. My job is to look for ways we can track and potentially stop botnets..."
  • Slashdot reader Lauren Weinstein says some antivirus services (and firewalls incorporating their rules) are mistakenly blocking the kill switch's site as a 'bad domain', which allows the malware to continue spreading. "Your systems MUST be able to access the domain above if this malware blocking trigger is to be effective, according to the current reports that I'm receiving!"
This discussion has been archived. No new comments can be posted.

As World Reacts To WanaDecrypt0r, Microsoft Issues Patch For Old Windows Systems

Comments Filter:
  • I, for one, welcome our new Cylon overlords.

  • by JoeyRox ( 2711699 ) on Saturday May 13, 2017 @01:12PM (#54411213)
    They truly are a reborn company.
    • by E-Rock ( 84950 )

      For an ancient unsupported version of their product. Make sure you put that into your narrative.

      • by Okian Warrior ( 537106 ) on Saturday May 13, 2017 @01:37PM (#54411311) Homepage Journal

        For an ancient unsupported version of their product. Make sure you put that into your narrative.

        Lots of people on the net would support the product, if Microsoft allowed them to.

        The fact that it's unsupported is a dodge - in reality, Microsoft comes out with new products and forces people into them in order to make more profit.

        And in this instance, the "forced upgrade" policy is causing people to die. it's completely unreasonable for people with expensive equipment running Windows XP to have to repurchase their hardware just because Microsoft wants them to spend another $100 for a new OS.

        If the OS is truly obsolete and unsupported, Microsoft should release it into the public domain.

        • by AmiMoJo ( 196126 ) on Saturday May 13, 2017 @03:28PM (#54411625) Homepage Journal

          XP isn't unsupported. Microsoft will happily provide patches if you pay them. All that has ended is free support.

          You buy proprietary software, you have to accept paying for support as long as you want to keep using it, and paying whatever the vendor demands.

          The NHS should require equipment to use free software, or for the vendor to supply security patches for its lifetime.

      • by Dunbal ( 464142 ) *

        For an ancient unsupported version of their product. Make sure you put that into your narrative.

        Not sure a car manufacturer could get away with "oh but we don't support that car anymore" if it started killing people. One thing is "corporate policy" and another thing is legal liability. Smart move on Microsoft's part, before they get sued.

        • by E-Rock ( 84950 ) on Saturday May 13, 2017 @03:30PM (#54411629) Homepage

          I must have missed where car makers went back and retrofitted cars with airbags and ABS at their own cost.

          Sure you can put these on yourself, just like you could add a hardware or software firewall to block inbound SMB. That would have stopped the lateral infection of this worm. No source code needed, just a bit of care and attention.

          • retrofitted cars with airbags and ABS at their own cost.

            No one is talking about MS back porting a world of security measures like ALSR into unsupported OSes. That would be the equivalent of retrofitting old cars with ABS. Retrofitting cars with airbags is not the same as fixing a new vulnerability. You know what car companies have done? Recalled cars with faulty airbags and fixed them at cost regardless of the age of the car.

      • Microsoft is the source of a bug they've known about for months and is causing thousands of users to have their data held captive but somehow I have a "narrative". Sounds like you're the one with a narrative.
      • by rtb61 ( 674572 )

        Hey moron, it is not about support, it is about shit programming and after years and years, still failing to fix it properly. People paid for working software not shit programming that would never be fixed, The law should be fix it or open source it, no right to never fix broken programming. Either M$ finally, finally fixes their shit coding or the open the source when the give up trying, so that other people can fix it.

        It is entirely corrupt to think you can just abandon bugs and security failures becaus

    • by athmanb ( 100367 )

      Try asking an open source developer for a patch for an application released in 2002 and see how far you get...

      • Why? The source would be available for anyone with knowledge to patch/fix as the source is open for all to see.. not so with closed source and there lies the problem ;)
        • by __aaclcg7560 ( 824291 ) on Saturday May 13, 2017 @03:03PM (#54411559)

          The source would be available for anyone with knowledge to patch/fix as the source is open for all to see.

          If you wrote code in 2002 would you still understand the code 15 years later?

          Too many times I open up a source file from last week, look at the code, and think: "Who wrote this shit?! Oh, I did. Meh..."

          • Perhaps time to change your coding (or commenting) style then.
          • Asking about one's skill with editing old code has nothing to do with the need for treating other people ethically by respecting users' software freedoms. Just because you aren't skilled enough to track what's going on in code from week to week doesn't justify denying users the freedom to run, inspect, share, and modify the code running on their computers. Non-technical users (which probably are in the majority) can either learn programming, hire out the job, get someone they trust to help them gratis, or a

            • Just because you aren't skilled enough to track what's going on in code from week to week [..]

              I tend to make a lot of changes in my code from week to week. That it still works as intended is a nice bonus.

              [...] doesn't justify denying users the freedom to run, inspect, share, and modify the code running on their computers.

              I don't know where this line of reasoning came from.

              [...] just as your learning curve is apparently steep enough for you to review week-old code and think it to be "shit".

              My harshest critic is myself. If I think what I did last week was shit, than I need to do better this week. I know too many programmers who find it easy to "polish the turd" than to push themselves to the next level.

          • If you wrote code in 2002 would you still understand the code 15 years later?

            Weirdly, yes and from 1992. It might take a bit to get back into understanding the environment where it works but usually, I have provided enough annotation to pick it up again quickly, and that includes assembler. It is possibly though because I mostly stayed clear of the very clever stuff and I had enough experience to know that I could be haunted by old code and wrote accordingly.

    • oo-er (Score:3, Insightful)

      As much as I like to complain about micro$oft, I'm hard-pressed to fault them for this event, and certainly can't fault their response to it.

      I'd say most of the blame lies on the staff and, more so, the policies at the institutions where the event occurred. Government and healthcare orgs are notoriously slow to update mission-critical systems, and while some of this blame can be placed on their reliance on custom software built for old environments or a lack of funds for upgrades, at the end of the day all

      • Re:oo-er (Score:4, Interesting)

        by Joce640k ( 829181 ) on Saturday May 13, 2017 @02:58PM (#54411547) Homepage

        Most of those embedded devices probably can't be upgraded.

        This is why Microsoft should be taking more responsibility for them.

        • Re:oo-er (Score:5, Insightful)

          by F.Ultra ( 1673484 ) on Saturday May 13, 2017 @09:16PM (#54412509)
          Hardly, if it's any one who should take more responsibility here it's the vendors of said embedded devices. To even implement such devices on software that they know will be EOLd while still be connected to a network is beyond me.
          • Hardly, if it's any one who should take more responsibility here it's the vendors of said embedded devices. To even implement such devices on software that they know will be EOLd while still be connected to a network is beyond me.

            Trust me, the vendors have covered their asses with their install/support contract. They probably have an upgrade path, and only require the hospital to buy the new version along with new servers to begin the migration. $10 million isn't unusual for such an upgrade and a single departmental system, which may or may not be only payable out of departmental, capital, or some other budget by either hospital policy or state law. Plus, they're not really EOL'd. MS is still supporting older systems for those with

            • I'm quite sure that they have covered their asses with contracts. That is not my concern however. My concern is that they decide to build embedded devices running on Windows XP and then leave them connected to a network fully aware that Windows XP will be EOLd in the future (yes you can still shell out enormous amounts of cash to get some small support from Microsoft but that still leave it as practically EOL for most of us anyway).
        • which medical facility uses devices based on (software) components that are unsupported? do they also let the calibration on their dosimeters expire?

          no, if your embedded device contains software that EOLs, then THE WHOLE FUCKING DEVICE should EOL on that date. you know that date at the time of purchase - it's no secret.

  • by Rick Schumann ( 4662797 ) on Saturday May 13, 2017 @01:21PM (#54411255) Journal
    Am I safe to assume that since I don't have the Server Service or Workstation Service running that I'm safe from this particular exploit?
    • If you got a current Microsoft OS and up to date on patching, you should be safe. It might help if you're not looking at naughty bits on the Internet. If you don't practice safe computing, you're just asking for trouble.
      • Re: (Score:3, Insightful)

        by Anonymous Coward

        Several years ago, somebody did a study of the worst types sites on the web, the ones most likely to infect your computer.

        Porn wasn't even close to the top.

        The absolute worst offender?

        Church sites.

        What they figured out is that religious people are stupid, believing in a god is only one symptom of that stupidity. They have some moron in the church design their website for free, but the moron doesn't actually know anything about security. So there's unpatched code all over that church site, it gets hacked q

        • The absolute worst offender?

          At the enterprise level, I would say money exchange websites. More so if you have an international workforce that travels a lot between job sites.

          Church sites.

          I'm not surprised. Church people are surprisingly gullible even though the Bible teaches: "Therefore be as shrewd as snakes and as innocent as doves." (Matthew 10:16)

        • by Anonymous Coward

          Your words are embarrassingly condescending here, but it's true in other venues that scammers are attracted to religious folk due to their gullibility.

      • Tricky for the NHS - it's part of the job of healthcare professionals to look at people's naughty bits.

    • SMB is always running even if you turn off filesharing it's still there \\pcname\c$ will take you to that computers c drive.

      Patch please

      • Okay.. I don't think you know the difference between 'filesharing' and what I'm talking about.
        Open a command prompt and type:
        net start
        You'll get a list of Windows Services that are running. Most all of you will see "Server" and "Workstation". I have those services set to "Disabled"; they don't show up in that list, they're literally not running at all. So again what I'm asking is: Since those Windows Services are Disabled (i.e. not running) then is there still a problem or not? If you don't know the answ
      • Since you claim to know what you're talking about: "Server Service" and "Workstation Service" are both STOPPED and DISABLED and have been for a long time now.
        Netstat -an | findstr LISTENING returns this:
        TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
        TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
        Additionally I'm behind a firewall that has all ports (0 through 65535) invisible on the WAN interface, and of course no SMB-related ports are open regardless.
        Now, are you really saying that this can still be infected? Don't just say
    • by athmanb ( 100367 )

      Maybe? You should definitely still patch MS17-010 though.

      • I don't trust Microsoft to not slip something else I don't want into the patch.
        • by jonwil ( 467024 )

          Personally I would rather my system be running whatever crap MS has invented (spyware included) than be at risk of being infected with malware.

  • by __aaclcg7560 ( 824291 ) on Saturday May 13, 2017 @01:34PM (#54411299)
    At my job we finished phasing out the Windows XP and Windows Server 2003 systems from the network last year, the few Windows 8 tablets we have in test are Windows 8.1, and everything else is up-to-date with the latest patches. While the rest of the world burned, it was a quiet Friday as everyone took off for the weekend..
    • I had one client this year ask me to work on an XP machine, it wasn't connecting to his network.

      I told him that under no circumstances would I do anything with that machine other than help him move the data to another computer so it could be reformatted. I told him we could put Linux or 7 on it, but I would not support XP for him.

      He made some nose about really liking that version of AutoCAD that wouldn't run on anything later, so I told him that he could keep using it, but the only thing I would do for him

      • I had one client this year ask me to work on an XP machine, it wasn't connecting to his network.

        One time I had a user who finally gave up his Windows 95 desktop after ten years. I popped open the case and found a dust ball that was larger than a grapefruit inside.

      • > about really liking that version of AutoCAD
        the cracked version he had wouldn't install on windows 7, i bet.

  • How about fixing the Windows Update on 7. I have a few Win7 virtual machines, that only have 1 core a 4GB RAM and Windows Update just munches one CPU forever and never finishes. I have let it run for weeks, and it never finishes.

    That's why I disabled Windows Update on them, because that situation was untenable. I tried many proposed fixes I found on different fora, but nothing worked.

    Granted, they are relatively safe, because these installations only exist to provide me a Windows when I need one (read

    • You need two or more cores to run WIndows Update and play Minesweeper at the same time.
      • Could you have been any less helpful?
        • Could you have been any less helpful?

          WOOOSH!

          • You can kid all you want, creimer. I did understand your silly joke, but you make a stupid joke, while I address a real problem. Microsoft caused a great many Windows 7 installations to get in this situation: eternal Windows Update cycle. As such, these machines aren't being patched and are all vulnerable. That is something they should have fixed, asap, and pushed though immediately. Of course, they didn't because we all know that badly behaved Windows 7 machines were more likely to get upgraded to 10.
            • I did understand your silly joke, but you make a stupid joke, while I address a real problem.

              You came to Slashdot looking for advice on a real problem. This will end badly.

              As such, these machines aren't being patched and are all vulnerable.

              The solution is simple: more hardware. One core isn't going to cut it. You need a minimum of two cores and four cores is preferable. I had no problems running Windows Vista through 10 because I don't use the minimum hardware specs. That's just asking for trouble.

              Try deleting or renaming the software distribution folder (works on Win7).
              http://www.windowscentral.com/how-clear-softwaredistribution-folder-windows-10 [windowscentral.com]

              Or back up the d

              • I didn't come here for advice. The answers I've seen correspond to what I found. The only new thing would be to disconnect the machines from network while doing the update (which is hard when you your your machines using RDP)

                One core and 4GB is not the minimum hardware specs for 7, and even if it were: the security features should work perfectly on minimum system requirements. It's a base OS functionality. For most tasks, one core + 4GB is is more than sufficient. Always has been.

                I have a fundament

                • Usually, that's exactly the kind of people that you don't take advice from because it's the easy solution. The one that doesn't require thinking.

                  Right. That's what all the people with underperforming systems tell me. Meanwhile, I'm working on my cheap Dell laptop with a dual-core processor, 120GB SSD and 8GB RAM, running Chrome, PyCharm and Thunderbird. If the system does slow down from trying too many things at the same time, I just get another Diet Pepsi.

              • ... and for the record..... I did reinstall a couple of times, and les WU do its work.

                DIdn't work. How can a plain ISO install fuck up? The only thing I did was, let sit aloe do its thing... It should fix itself, right? Well it doesn't.

                I've been managing, installing and maintaining Windows machines for years... I am not the cause.

                These VMs can be reinstalled at will though... Data is not stored on VMs. They are only tools in order to live in a Windows world where the occasional task comes where you

            • Re:Windows 7 (Score:5, Informative)

              by Nkwe ( 604125 ) on Saturday May 13, 2017 @03:25PM (#54411617)
              Actually it has been fixed. While there is a problem with Windows Update getting stuck there are a couple of patches that you can manually apply to get it working again. No, Microsoft can't do that for you because the tool they would use (Windows Update) has the issue itself. Yes, it is a pain to figure out the patches you need and get them applied, but if you do it, it will all be good. For a Win7 64 bit box, try installing KB3138612, KB3020369, KB3172605, and KB3125574. I don't remember the order you need do do these in (you can go read the notes) but the last couple of times I had to resurrect a Win7 machine that was way out of date patch wise, those got it working for me. (And of course, you should get to a more current and supported version of the operating system...)
              • No, Microsoft can't do that for you because the tool they would use (Windows Update) has the issue itself.

                Yes, yes,... They could make a single comprehensive patch that fixes it. One download, one fix... Well advertised. Hell, I'm sure they would have a way to do it over WU. If a WU client with a certain version contacts the WU server, you send one patch: the one to fix itself. At that point it can fix itself, and then go on it's merry way. Windows XP had an WU fix that went about that way: it was a p

                • by Nkwe ( 604125 )

                  You do not perceive that as a problem? How is Aunt Annie going to do this? You don't even remember the order... I know I have followed many guides, and it never worked. Never... Followed the exact order. Is it because it's a VM and doesn't get a true full core for it? I have no idea.

                  Assuming that Aunt Annie is not a technical person she would either hire a professional or rely on help from friends and relatives -- the same thing she would do if her car broke down (also assuming that she isn't a mechanic). I don't remember the order because I don't spend much time on Windows 7. I have moved on to a currently supported operating system. I happened to have the patch files sitting in a a directory on my file server and as a courtesy gave you the KB numbers. If I had to patch a Windows 7 bo

              • A real fix to this problem would be a single download on their web site, in an obvious location, that patches Windows Update to the latest version. No need to hunt down this stuff yourself. But, that would be too simple given that they don't want you to reinstall Win7, in favor of buying Win10.

                Instead, you have to surf their forums to find other people complaining about Windows Update running for days (literally) at 100% CPU usage. MS lackeys suggest you reboot your computer. Forum people argue about wh

    • by Anonymous Coward

      Install the June 2016 update. Use the manual download installer, and disconnect from the Internet when you launch it. Reboot, Windows Update now works right.

      • On any patch level, or do I need to start form a fresh install.

        The "disconnect from Interent" is a new factor for me. The July 2016 update promised to fix it, but never did. I must admit, this is going to be very hard for me, because these machine run on Xen hosts and well, I access them using RDP.

        • by Anonymous Coward

          The July 2016 should do the trick as well, according to the KBs.
          You disable Windows Update (no checking), as you said you already have.
          You disconnect from the Internet so the manual installer can not attempt an online scan, which is the slow part.
          You need SP1 installed. You need KB3020369 installed, get it manually as well.
          Then you install the June or July 2016 rollup. Reboot. Re-enable Windows Update, reconnect to the Internet. Scans should be speedier, especially once you are more up to date.

          You also

          • Yes, these are the things I have read before. I never disconnected from the Internet, and as such it never worked. I'll try it again one of these days. I might be vulnerable, but the risk is very low (and obviously those VMs have no data of any importance)

            What is certain, is that many people may have their machines in a state like my VMs. If so, they are vulnerable and can't be patched. Microsoft is very, very at fault for creating a whole fleet of unpatchable 7 machines. It obviously played in their

    • Try installing the optional patch KB3172605. It solved the Win Update running and running for ever problem for me at least.
    • by jez9999 ( 618189 )

      Talking of which am I missing something? That link above had a fix for Windows XP and Windows 8, but not Windows 7. What gives?

    • by ChoGGi ( 522069 )

      If you manually install a couple updates before running windows update, it'll fix that issue
      https://hardforum.com/threads/... [hardforum.com]

  • by networkzombie ( 921324 ) on Saturday May 13, 2017 @01:55PM (#54411373)
    The scan to folder functions on some copiers haven't upgraded their SMB yet, so they cannot save scans to folders without SMBv1. Your choices are get a new copier (or copier with different vendor), enable SMBv1 on the server (bad idea), or use FTP (bad but not as bad idea). I've come across servers that had SMBv1 enabled just for this. One copier vendor wanted major cash to get the latest firmware. WTF? I've had good luck with Toshiba and Xerox. Sharp and Ricoh can kiss my ass. Forums are filled with "techs" advising to enable SMBv1 on the server. Yikes!
  • Oh wait, they deliberately didn't do that .....

  • Microsoft in there greed to force everyone to Windows 10 turned of patch's on peoples machines. Shit hits the fan.
  • From https://view.officeapps.live.c... [live.com] : "As expected, Enterprise Services revenue declined 1 percent and was flat in constant currency, due to a lower volume of Windows Server 2003 custom support agreements."
    I did not even know that Custom Support has to do with MS quarterly earnings until today! I wonder how much it actually costs for MS.

"If it's not loud, it doesn't work!" -- Blank Reg, from "Max Headroom"

Working...